UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS requires a System Security Plan containing all required information.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15150 DG0154-ORACLE10 SV-24436r1_rule DCSD-1 Low
Description
A System Security Plan identifies security control applicability and configuration for the DBMS. It also contains security control documentation requirements. Security controls applicable to the DBMS may not be documented, tracked or followed if not identified in the System Security Plan. Any omission of security control consideration could lead to an exploit of DBMS vulnerabilities.
STIG Date
Oracle Database 10g Installation STIG 2014-04-02

Details

Check Text ( C-29374r1_chk )
Review the System Security Plan for the DBMS.

Review coverage of the following in the System Security Plan:
- Technical, administrative and procedural IA program and policies that govern the DBMS
- Identification of all IA personnel (IAM, IAO, DBA, SA) assigned responsibility to the DBMS
- Specific IA requirements and objectives (e.g., requirements for data handling or dissemination (to include identification of sensitive data stored in the database, database application user job functions/roles and privileges), system redundancy and backup, or emergency response)

If a System Security Plan does not exist or does not identify or reference all relevant security controls, this is a Finding.
Fix Text (F-26399r1_fix)
Develop, document and implement a System Security Plan for the DBMS.

Include IA documentation related to the DBMS in the System Security Plan for the system that the DBMS supports.

Review section 3.4 - System Security Plan Overview in the ORACLE DATABASE SECURITY CHECKLIST for more information.