UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS, when used for non-local maintenance sessions, must protect those sessions through the use of a strong authenticator tightly bound to the user.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32485 SRG-APP-000183-DB-000118 SV-42822r1_rule Medium
Description
Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Identification and authentication techniques used in the establishment of non-local maintenance and diagnostic sessions must be consistent with the network access requirements in IA-2. Strong authenticators include PKI where certificates are stored on a token protected by a password, passphrase, or biometric. Examples of types of applications used for non-local maintenance and diagnostic activities are provided below. Use as an example does not imply compliance with policy requirements or approval for use. Examples include, but are not limited to Terminal Services, Remote Desktop, Dameware, and VNC (all variants). If non-local maintenance and diagnostic sessions are performed without the use of a strong authenticator bound to the user, the user’s identity cannot be trusted. This can result in unauthenticated access to maintenance administrator functionality.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40922r3_chk )
Review DBMS settings to determine whether the DBMS employs strong authentication, tightly bound to the user, for non-local maintenance sessions. If the DBMS does not use strong authentication, tightly bound to the user, for non-local maintenance sessions, this is a finding.
Fix Text (F-36399r1_fix)
Configure DBMS security setting to utilize strong authentication, tightly bound to the user, for non-local maintenance sessions.