Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3439 | DO0350-ORACLE10 | SV-24533r1_rule | ECLP-1 ECPA-1 | Medium |
Description |
---|
System privileges allow system-wide changes to the database or database objects. Unauthorized use of system privileges may jeopardize production applications, application data, or the database configuration and operation. |
STIG | Date |
---|---|
Oracle 10 Database Instance STIG | 2014-01-14 |
Check Text ( None ) |
---|
None |
Fix Text (F-26514r1_fix) |
---|
Document and justify system privileges assigned to users/roles in the System Security Plan and authorize with the IAO. Remove unauthorized or unjustified system privileges from user accounts or roles. From SQL*Plus: revoke [privilege] from [user or role name]; Replace [privilege] with the named privilege and [user or role name] with the identified user or role. |