
Oracle Database 10g Instance STIG



Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-2555 High The Oracle REMOTE_OS_ROLES parameter should be set to FALSE.
V-2554 High The Oracle REMOTE_OS_AUTHENT parameter should be set to FALSE.
V-2587 High Oracle accounts should not have permission to view the table SYS.LINK$ which contains unencrypted database link passwords.
V-3821 Medium Application user privilege assignment should be reviewed monthly or more frequently to ensure compliance with least privilege and documented policy.
V-16033 Medium Case sensitivity for passwords should be enabled.
V-2515 Medium The audit table should be owned by SYS or SYSTEM.
V-2517 Medium Oracle instance names should not contain Oracle version numbers.
V-2516 Medium Access to default accounts used to support replication should be restricted to authorized DBAs.
V-2511 Medium Access to the Oracle SYS and SYSTEM accounts should be restricted to authorized DBAs.
V-15654 Medium DBMS symmetric keys should be protected in accordance with NSA or NIST-approved key management technology or processes.
V-3810 Medium DBMS authentication should require use of a DoD PKI certificate.
V-2593 Medium The Oracle RESOURCE_LIMIT parameter should be set to TRUE.
V-15154 Medium Credentials stored and used by the DBMS to access remote databases or applications should be authorized and restricted to authorized users.
V-15133 Medium Transaction logs should be periodically reviewed for unauthorized modification of data. Users should be notified of time and date of the last change in data content.
V-2556 Medium The Oracle SQL92_SECURITY parameter should be set to TRUE.
V-3818 Medium Unauthorized database links should not be defined and active.
V-3857 Medium The Oracle _TRACE_FILES_PUBLIC parameter if present should be set to FALSE.
V-3854 Medium The directories assigned to the LOG_ARCHIVE_DEST* parameters should be protected from unauthorized access.
V-3853 Medium The directory assigned to the CORE_DUMP_DEST parameter should be protected from unauthorized access.
V-3852 Medium The directory assigned to the BACKGROUND_DUMP_DEST parameter should be protected from unauthorized access.
V-3851 Medium The directory assigned to the USER_DUMP_DEST parameter should be protected from unauthorized access.
V-3850 Medium The directory assigned to the AUDIT_FILE_DEST parameter should be protected from unauthorized access.
V-15646 Medium Audit records should contain required information.
V-15623 Medium DBMS system data files should be stored in dedicated disk directories.
V-15624 Medium DBMS data files should be dedicated to support individual applications.
V-15626 Medium Database privileged role assignments should be restricted to IAO-authorized DBMS accounts.
V-2507 Medium Audit trail data should be retained for one year.
V-2564 Medium System Privileges should not be granted to PUBLIC.
V-15609 Medium Default demonstration and sample database objects and applications should be removed.
V-2561 Medium System privileges granted using the WITH ADMIN OPTION should not be granted to unauthorized user accounts.
V-2562 Medium Required object auditing should be configured.
V-15619 Medium Replication accounts should not be granted DBA privileges.
V-2552 Medium The IDLE_TIME profile parameter should be set for Oracle profiles IAW DoD policy.
V-2520 Medium Fixed user and public database links should be authorized for use.
V-2521 Medium A minimum of two Oracle control files should be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.
V-2522 Medium A minimum of two Oracle redo log groups/files should be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.
V-15627 Medium Administrative privileges should be assigned to database accounts via database roles.
V-15660 Medium Remote database or other external access should use fully-qualified names.
V-2527 Medium The DBA role should not be granted to unauthorized user accounts.
V-15628 Medium DBMS application users should not be granted administrative privileges to the DBMS.
V-15128 Medium DBMS application user roles should not be assigned unauthorized privileges.
V-5685 Medium Required auditing parameters for database auditing should be set.
V-5686 Medium Audit records should be restricted to authorized individuals.
V-15629 Medium Application users privileges should be restricted to assignment using application user roles.
V-3808 Medium Database job/batch queues should be reviewed regularly to detect unauthorized database job submissions.
V-3437 Medium Application role permissions should not be assigned to the Oracle PUBLIC role.
V-2589 Medium Object permissions granted to PUBLIC should be restricted.
V-3846 Medium Only authorized system accounts should have the SYSTEM tablespace specified as the default tablespace.
V-3849 Medium Application owner accounts should have a dedicated application tablespace.
V-3820 Medium Production databases should be protected from unauthorized access by developers on shared production/development host systems.
V-2533 Medium The Oracle WITH GRANT OPTION privilege should not be granted to non-DBA or non-Application administrator user accounts.
V-15607 Medium Application objects should be owned by accounts authorized for ownership.
V-15142 Medium Asymmetric keys should use DoD PKI Certificates and be protected in accordance with NIST (unclassified data) or NSA (classified data) approved key management and processes.
V-15632 Medium Use of DBA accounts should be restricted to administrative activities.
V-5683 Medium Application object owner accounts should be disabled when not performing installation or maintenance actions.
V-3439 Medium Oracle system privileges should not be directly assigned to unauthorized accounts.
V-3438 Medium Oracle application administration roles should be disabled if not required and authorized.
V-15615 Medium The DBA role should not be assigned excessive or unauthorized privileges.
V-2558 Medium The Oracle REMOTE_LOGIN_PASSWORDFILE parameter should be set to EXCLUSIVE or NONE.
V-15617 Medium Access to external objects should be disabled if not required and authorized.
V-2539 Medium Execute permission should be revoked from PUBLIC for restricted Oracle packages.
V-2574 Medium Oracle roles granted using the WITH ADMIN OPTION should not be granted to unauthorized accounts.
V-2519 Low The Oracle OS_ROLES parameter should be set to FALSE.
V-15114 Low Developers should not be assigned excessive privileges on production databases.
V-3727 Low Database applications should be restricted from using static DDL statements to modify the application schema.
V-2586 Low The Oracle O7_DICTIONARY_ACCESSIBILITY parameter should be set to FALSE.
V-15149 Low DBA roles assignments should be assigned and authorized by the IAO.
V-3865 Low The XDB Protocol server should be uninstalled if not required and authorized for use.
V-3848 Low The Oracle SID should not be the default SID.
V-3847 Low Database application user accounts should be denied storage usage for object creation within the database.
V-2531 Low The Oracle OS_AUTHENT_PREFIX parameter should be changed from the default value of OPS$.
V-3823 Low Custom and GOTS application source code stored in the database should be protected with encryption or encoding.