UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must support the enforcement of a two-person rule for changes to organization defined application components and system-level information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32409 SRG-APP-000132-DB-000089 SV-42746r1_rule Medium
Description
Regarding access restrictions for changes made to organization defined information system components and system level information, any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Accordingly, only qualified and authorized individuals are allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications. A two-person rule requires two separate individuals acknowledge and approve those changes. Two-person rule for changes to critical application components helps to reduce risks pertaining to availability and integrity.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40850r2_chk )
If the organization has not defined components and system level information that requires dual authorization, this is NA.

Review DBMS vendor documentation to determine whether the DBMS software can provide dual authorization capabilities. If the DBMS does not support dual authorization, this is a finding.

Review DBMS settings to verify dual authorization is enabled for organization defined application components and system-level information. If dual authorization is not enabled, this is a finding.
Fix Text (F-36323r2_fix)
Configure DBMS software to enable dual authorization for organization defined application components and system-level information.

If DBMS does not support dual authorization, utilize a DBMS or third-party product that provides dual authorization.