UCF STIG Viewer Logo

Database data encryption controls should be configured in accordance with application requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15143 DG0106-ORACLE10 SV-24706r1_rule DCFA-1 Medium
Description
Access to sensitive data may not always be sufficiently protected by authorizations and require encryption. In some cases, the required encryption may be provided by the application accessing the database. In others, the DBMS may be configured to provide the data encryption. When the DBMS provides the encryption, the requirement must be implemented as identified by the Information Owner to prevent unauthorized disclosure or access.
STIG Date
Oracle 10 Database Installation STIG 2014-01-14

Details

Check Text ( C-29312r1_chk )
Review the System Security Plan and note sensitive data identified by the Information Owner as requiring encryption using DBMS features administered by the DBA.

If no sensitive data is present or encryption of sensitive data is not required by the Information Owner, this check is Not a Finding.

Review the encryption configuration against the System Security Plan specification.

If the specified encryption is not configured, this is a Finding.
Fix Text (F-26344r1_fix)
Configure DBMS encryption features and functions as required by the System Security Plan.

Discrepancies between what features are and are not available should be resolved with the Information Owner, Application Developer and DBA as overseen by the IAO.