The DBMS, when used for non-local maintenance sessions, must protect those sessions through the use of a strong authenticator tightly bound to the user.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32485	SRG-APP-000183-DB-000118	SV-42822r1_rule		Medium

Description
Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Identification and authentication techniques used in the establishment of non-local maintenance and diagnostic sessions must be consistent with the network access requirements in IA-2. Strong authenticators include PKI where certificates are stored on a token protected by a password, passphrase, or biometric. Examples of types of applications used for non-local maintenance and diagnostic activities are provided below. Use as an example does not imply compliance with policy requirements or approval for use. Examples include, but are not limited to Terminal Services, Remote Desktop, Dameware, and VNC (all variants). If non-local maintenance and diagnostic sessions are performed without the use of a strong authenticator bound to the user, the user’s identity cannot be trusted. This can result in unauthenticated access to maintenance administrator functionality.

Description

Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Identification and authentication techniques used in the establishment of non-local maintenance and diagnostic sessions must be consistent with the network access requirements in IA-2. Strong authenticators include PKI where certificates are stored on a token protected by a password, passphrase, or biometric. Examples of types of applications used for non-local maintenance and diagnostic activities are provided below. Use as an example does not imply compliance with policy requirements or approval for use. Examples include, but are not limited to Terminal Services, Remote Desktop, Dameware, and VNC (all variants). If non-local maintenance and diagnostic sessions are performed without the use of a strong authenticator bound to the user, the user’s identity cannot be trusted. This can result in unauthenticated access to maintenance administrator functionality.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40922r3_chk )
Review DBMS settings to determine whether the DBMS employs strong authentication, tightly bound to the user, for non-local maintenance sessions. If the DBMS does not use strong authentication, tightly bound to the user, for non-local maintenance sessions, this is a finding.

Fix Text (F-36399r1_fix)
Configure DBMS security setting to utilize strong authentication, tightly bound to the user, for non-local maintenance sessions.