The DBMS must use multifactor authentication for network access to privileged accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32443 | SRG-APP-000149-DB-000104 | SV-42780r1_rule | Medium |
| Description |
|---|
| Multifactor authentication is defined as using two or more factors to achieve authentication. Factors include: (i) Something a user knows (e.g., password/PIN); (ii) Something a user has (e.g., cryptographic identification device, token); or (iii) Something a user is (e.g., biometric). A privileged account is defined as an information system account with authorizations of a privileged user. Network access is defined as access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet). The lack of multifactor authentication makes it much easier for an attacker to gain unauthorized access to a system. |
| STIG | Date |
|---|---|
| Database Security Requirements Guide | 2012-07-02 |
Details
| Check Text ( C-40882r1_chk ) |
|---|
| Review DBMS settings to determine whether users logging into privileged accounts via a network are required to use multifactor authentication. If users logging into privileged accounts via a network are not required to use multifactor authentication, this is a finding. |
| Fix Text (F-36358r1_fix) |
|---|
| Configure DBMS settings to require multifactor authentication for network users logging into privileged accounts. |