The DBMS must use multifactor authentication for local access to non-privileged accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32446 | SRG-APP-000152-DB-000107 | SV-42783r1_rule | Medium |
| Description |
|---|
| Multifactor authentication is defined as using two or more factors to achieve authentication. Factors include: (i) Something a user knows (e.g., password/PIN); (ii) Something a user has (e.g., cryptographic identification device, token); or (iii) Something a user is (e.g., biometric). A non-privileged account is defined as an information system account with authorizations of a regular or non-privileged user. Local Access is defined as access to an organizational information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network. The lack of multifactor authentication makes it much easier for an attacker to gain unauthorized access to a system. |
| STIG | Date |
|---|---|
| Database Security Requirements Guide | 2012-07-02 |
Details
| Check Text ( C-40885r1_chk ) |
|---|
| Review DBMS settings to determine whether users logging into non-privileged accounts locally are required to use multifactor authentication. If users logging into non-privileged accounts locally are not required to use multifactor authentication, this is a finding. |
| Fix Text (F-36361r1_fix) |
|---|
| Configure DBMS settings to require multifactor authentication for local users logging into non-privileged accounts. |