The IAM should review changes to DBA role assignments.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15127 | DG0118-ORACLE11 | SV-24742r1_rule | ECPA-1 | Medium |
| Description |
|---|
| Unauthorized assignment of DBA privileges can lead to a compromise of DBMS integrity. Providing oversight to the authorization and assignment of privileges provides the separation of duty to support sufficient oversight. |
| STIG | Date |
|---|---|
| Oracle 11 Database Installation STIG | 2014-01-14 |
Details
| Check Text ( C-29353r1_chk ) |
|---|
| Review policy and procedures documented or noted in the System Security Plan as well as evidence of implementation for monitoring changes to DBA role assignments and procedures for notifying the IAM of the changes for review. If policy, procedures or implementation evidence do not exist, this is a Finding. |
| Fix Text (F-26378r1_fix) |
|---|
| Develop, document and implement procedures to monitor changes to DBA role assignments. Develop, document and implement procedures to notify the IAM of changes to DBA role assignments. Include in the procedures methods that provide evidence of monitoring and notification. |