DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15106	DG0086-ORACLE10	SV-24674r1_rule	ECLP-1	Medium

Description
Excess privilege assignment can lead to intentional or unintentional unauthorized actions. Such actions may compromise the operation or integrity of the DBMS and its data. Monitoring assigned privileges assists in the detection of unauthorized privilege assignment. The DBA role is assigned privileges that allow DBAs to modify privileges assigned to them. Ensure that the DBA Role is monitored for any unauthorized changes.

Description

Excess privilege assignment can lead to intentional or unintentional unauthorized actions. Such actions may compromise the operation or integrity of the DBMS and its data. Monitoring assigned privileges assists in the detection of unauthorized privilege assignment. The DBA role is assigned privileges that allow DBAs to modify privileges assigned to them. Ensure that the DBA Role is monitored for any unauthorized changes.

STIG	Date
Oracle 10 Database Installation STIG	2014-01-14

Details

Check Text ( C-29191r1_chk )
Review documented procedures and implementation evidence of DBA role privilege monitoring. If procedures are not documented or noted in the System Security Plan or are not complete, this is a Finding. If evidence of implementation for monitoring does not exist, this is a Finding. If monitoring does not occur monthly (~30 days) or more often, this is a Finding.

Fix Text (F-26207r1_fix)
Design, document and implement procedures for monitoring DBA role privilege assignments. Grant the DBA role the minimum privileges required to perform administrative functions. Establish monitoring of DBA role privileges monthly or more often.