UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Access grants to sensitive data should be restricted to authorized user roles.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15642 DG0138-ORACLE11 SV-24798r1_rule ECAN-1 Medium
Description
Unauthorized access to sensitive data may compromise the confidentiality of personnel privacy, threaten national security or compromise a variety of other sensitive operations. Access controls are best managed by defining requirements based on distinct job functions and assigning access based on the job function assigned to the individual user.
STIG Date
Oracle 11 Database Instance STIG 2014-01-14

Details

Check Text ( C-29369r1_chk )
If no data is identified as being sensitive or classified by the Information Owner, in the System Security Plan or in the AIS Functional Architecture documentation, this check is Not a Finding.

if no identified sensitive or classified data requires encryption by the Information Owner in the System Security Plan and/or AIS Functional Architecture documentation, this check is Not a Finding.

Review data access requirements for sensitive data as identified and assigned by the Information Owner in the System Security Plan.

Review the access controls for sensitive data configured in the database.

If the configured access controls do not match those defined in the System Security Plan, this is a Finding.
Fix Text (F-26394r1_fix)
Define, document and implement all sensitive data access controls based on job function in the System Security Plan.