The database should be secured in accordance with DoD guidance where applicable.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6767	DG0007-ORACLE11	SV-25032r1_rule	DCCS-1 DCCS-2	Medium

Description
DBMS systems that do not follow DoD security guidance are vulnerable to related published vulnerabilities. A DoD reference document such as a security technical implementation guide or security recommendation guide constitutes the primary source for security configuration or implementation guidance for the deployment of newly acquired IA- and IA-enabled IT products that require use of the product's IA capabilities.

Description

DBMS systems that do not follow DoD security guidance are vulnerable to related published vulnerabilities. A DoD reference document such as a security technical implementation guide or security recommendation guide constitutes the primary source for security configuration or implementation guidance for the deployment of newly acquired IA- and IA-enabled IT products that require use of the product's IA capabilities.

STIG	Date
Oracle 11 Database Installation STIG	2014-01-14

Details

Check Text ( C-1048r1_chk )
Review security and administration documentation maintained for the DBMS system for indications that DoD security guidance has been applied to the DBMS system. If the DBMS system has not been secured using available DoD security guidance, this is a Finding.

Fix Text (F-17962r1_fix)
Apply available DoD security guidance to the DBMS system. If DoD security guidance is not available, the system owner works with DISA or NSA to draft configuration guidance for inclusion in a departmental reference guide.