The DBMS IA policies and procedures should be reviewed annually or more frequently.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15138 | DG0096-ORACLE10 | SV-24688r1_rule | DCAR-1 | Low |
| Description |
|---|
| A regular review of current database security policies and procedures is necessary to maintain the desired security posture of the DBMS. Policies and procedures should be measured against current DoD policy, STIG guidance, vendor-specific guidance and recommendations, and site-specific or other security policies. |
| STIG | Date |
|---|---|
| Oracle Database 10g Installation STIG | 2014-04-02 |
Details
| Check Text ( C-29225r1_chk ) |
|---|
| Review documented policy and procedures included or noted in the System Security Plan as well as evidence of implementation for annual reviews of DBMS IA policy and procedures. If policy and procedures do not exist, are incomplete, or are not implemented and followed annually or more frequently, this is a Finding. |
| Fix Text (F-26246r1_fix) |
|---|
| Develop, document and implement procedures to review DBMS IA policies and procedures. |