Remote DBMS administration must be documented and authorized or disabled.


Overview

Finding ID | Version | Rule ID | IA Controls | Severity
V-54055 | O112-BP-026000 | SV-68295r2_rule | | Medium
Description
Remote administration may expose configuration and sensitive data to unauthorized viewing during transit across the network or allow unauthorized administrative access to the DBMS to remote users.
STIG | Date
Oracle Database 11.2g Security Technical Implementation Guide | 2017-04-05

Details

Check Text (C-54849r3_chk)
Review the System Security Plan for authorization, assignments and usage procedures for remote DBMS administration.

If remote administration of the DBMS is not documented or poorly documented, this is a Finding.

If remote administration of the DBMS is not authorized and not disabled, this is a Finding.

If remote administration is to be performed from outside the DoDIN, but is not done via an approved and properly configured VPN, this is a Finding.
Fix Text (F-58897r3_fix)
Disable remote administration of the DBMS where not required.

Where remote administration of the DBMS is required, develop, document and implement policy and procedures on its use.

Where remote administration is to be performed from outside the DoDIN, configure an approved VPN client for this purpose.

Assign remote administration privileges to ISSO-authorized personnel only.

Document assignments in the System Security Plan.