UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must enforce requirements for remote connections to the information system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32422 SRG-APP-000140-DB-000033 SV-42759r1_rule Medium
Description
Applications that provide remote access to information systems must be able to enforce remote access policy requirements or work in conjunction with enterprise tools designed to enforce policy requirements. Examples of policy requirements include, but are not limited to, authorizing remote access to the information system, limiting access based on authentication credentials, and monitoring for unauthorized access. If databases allowing remote connections do not enforce requirements for remote access, an attacker may gain access to the database and may, through the database, gain access to other components of the information system.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40864r2_chk )
Review organization’s access control policies and procedures addressing remote access to the information system.

If remote connections are not allowed by the organization, this is NA.

Review the DBMS settings to verify access controls and auditing settings exist and they enforce the requirements for remote access defined by the organization. If access controls and auditing do not exist or do not fully enforce the requirements defined in the organization's policies and procedures, this is a finding.
Fix Text (F-36337r1_fix)
Configure DBMS settings to ensure access control and auditing requirements for remote connections are enforced by the DBMS.