UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Oracle SID should not be the default SID.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3848 DO0221-ORACLE10 SV-24867r2_rule ECAN-1 Low
Description
Use of the default Oracle System Identifier (SID) leaves the database vulnerable to attacks that target Oracle installations running under default SID. Using a custom name helps protect the database against this kind of targeted attack.
STIG Date
Oracle Database 10g Instance STIG 2014-04-02

Details

Check Text ( C-29423r2_chk )
From SQL*Plus: select instance_name from v$instance; Review the instance name with the DBA. Ask the DBA if the instance name was chosen by the installer to conform to local naming conventions, etc. or if it was determined by the installation software. If it was named by the installation software, this is a Finding.
Fix Text (F-26450r1_fix)
Follow the instructions in Oracle MetaLink Note 15390.1 (and related documents) to change the SID for the database without re-creating the database to a value other than the application default.