UCF STIG Viewer Logo

The DBMS must use multifactor authentication for network access to non-privileged accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32444 SRG-APP-000150-DB-000105 SV-42781r1_rule Medium
Description
Multifactor authentication is defined as using two or more factors to achieve authentication. Factors include: (i) Something a user knows (e.g., password/PIN); (ii) Something a user has (e.g., cryptographic identification device, token); or (iii) Something a user is (e.g., biometric). A non-privileged account is defined as an information system account with authorizations of a regular or non-privileged user. Network access is defined as access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet). The lack of multifactor authentication makes it much easier for an attacker to gain unauthorized access to a system.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40883r1_chk )
Review DBMS settings to determine whether users logging into non-privileged accounts via a network are required to use multifactor authentication. If users logging into non-privileged accounts via a network are not required to use multifactor authentication, this is a finding.
Fix Text (F-36359r1_fix)
Configure DBMS settings to require multifactor authentication for network users logging into non-privileged accounts.