The DBMS should not have a connection defined to access or be accessed by a DBMS at a different classification level.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15656 | DG0171-ORACLE11 | SV-25075r1_rule | ECIC-1 | Medium |
| Description |
|---|
| Applications that access databases and databases connecting to remote databases that differ in their assigned classification levels may expose sensitive data to unauthorized clients. Any interconnections between databases or applications and databases differing in classification levels are required to comply with interface control rules. |
| STIG | Date |
|---|---|
| Oracle 11 Database Installation STIG | 2014-01-14 |
Details
| Check Text ( C-23524r1_chk ) |
|---|
| Review database links or other connections defined for the database to access or be accessed by remote databases or other applications as defined in the AIS Functional Architecture documentation or the System Security Plan. If any interconnections show differences in the DBMS and remote system classification levels, this is a Finding. |
| Fix Text (F-20164r1_fix) |
|---|
| Disassociate or remove connection definitions to remote systems of differing classification levels. |