Sensitive data should be labeled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15616	DG0087-ORACLE10	SV-24392r2_rule	ECML-1	Low

Description
The sensitivity marking or labeling of data items promotes the correct handling and protection of the data. Without such notification, the user may unwittingly disclose sensitive data to unauthorized users.

STIG	Date
Oracle Database 10g Instance STIG	2014-04-02

Details

Check Text ( C-19395r2_chk )
If database does not contain sensitive data, this check is Not a Finding. If Oracle Label Security is not installed and database contains sensitive data, this is a Finding. From SQLPlus: select from DBA_SA_USERS; Compare results to the requirements for labeling as specified in the System Security Plan. If label security is not configured as specified in the System Security Plan, this is a Finding.

Check Text ( C-19395r2_chk )

If database does not contain sensitive data, this check is Not a Finding. If Oracle Label Security is not installed and database contains sensitive data, this is a Finding. From SQL*Plus: select * from DBA_SA_USERS; Compare results to the requirements for labeling as specified in the System Security Plan. If label security is not configured as specified in the System Security Plan, this is a Finding.

Fix Text (F-26572r1_fix)
Develop, document and implement label security requirements. Install and configure label security in accordance with the System Security Plan. Monitor and audit changes to the label security configuration.