UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access to DBMS security data should be audited.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15643 DG0140-ORACLE10 SV-24431r1_rule ECAR-1 ECAR-2 ECAR-3 Medium
Description
DBMS security data is useful to malicious users to perpetrate activities that compromise DBMS operations or data integrity. Auditing of access to this data supports forensic and accountability investigations.
STIG Date
Oracle 10 Database Installation STIG 2014-01-14

Details

Check Text ( C-17015r1_chk )
Determine the locations of DBMS audit, configuration, credential and other security data. Review audit settings for these files or data objects.

If access to the security data is not audited, this is a Finding.

If no access is audited, consider the operational impact and appropriateness for access that is not audited.

If the risk for incomplete auditing of the security files is reasonable and documented in the System Security Plan, then do not include this as a Finding.
Fix Text (F-23925r1_fix)
Determine all locations for storage of DBMS security and configuration data. Enable auditing for access to any security data. If auditing results in an unacceptable adverse impact on application operation, reduce the amount of auditing to a reasonable and acceptable level. Document any incomplete audit with acceptance of the risk of incomplete audit in the System Security Plan.