UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DBMS account passwords should be set to expire every 60 days or more frequently.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15153 DG0125-ORACLE10 SV-24779r1_rule IAIA-1 IAIA-2 Medium
Description
The PASSWORD_LIFE_TIME value specifies the length of time the same password may be used to authenticate to a database account. After the time period specified has passed for the assigned password, the user is required to change their password or else forfeit access to the database. Frequent password changes help to decrease the likelihood or duration of a password compromise that would result in unauthorized access.
STIG Date
Oracle 10 Database Instance STIG 2014-01-14

Details

Check Text ( None )
None
Fix Text (F-26381r1_fix)
Assign a password lifetime of 60 days or less to the default database profile.

Assign a password lifetime of 60 days or less to non-default profiles assigned to interactive database accounts.

Assign as password lifetime of 365 days or less to non-default profiles assigned to non-interactive database accounts that do not support frequent password changes.

Include a list of all database accounts and their profile assignments in the System Security Plan.

Modify profiles to assign a password lifetime.

From SQL*Plus:
alter profile default limit password_life_time 60;
alter profile [profile name] limit password_life_time [60 to 365];

Replace [profile name] with any existing, non-default profile name and [60 to 365] with a value between 60 and 365 (days) inclusive.