The DBMS must not share resources used to interface with systems operating at different security levels.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32548	SRG-APP-000244-DB-000131	SV-42885r1_rule		Low

Description

The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current user/role (or current process) that obtains access to a shared system resource (e.g., registers, main memory, secondary storage) after the resource has been released back to the information system. Shared resources include memory, input/output queues, and network interface cards. DBMS installations with different security levels have different access and security requirements. Shared DBMS installations secured at a lower-level can lead to exploitation of higher-level installations.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40987r1_chk )
Review the system documentation to determine if the DBMS host contains DBMS installations with differing security levels. If the DBMS host contains DBMS installations with different security levels, this is a finding.

Fix Text (F-36463r1_fix)
Establish separate host systems for DBMS installations of different security levels.