Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Plans and procedures for testing DBMS installations, upgrades and patches must be defined and followed prior to production implementation.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-54029 | O112-BP-024700 | SV-68269r1_rule | Medium |
| Description |
|---|
| Updates and patches to existing software have the intention of improving the security or enhancing or adding features to the product. However, it is unfortunately common that updates or patches can render production systems inoperable or even introduce serious vulnerabilities. Some updates also set security configurations back to unacceptable settings that do not meet security requirements. For these reasons, it is a good practice to test updates and patches offline before introducing them in a production environment. |
| STIG | Date |
|---|---|
| Oracle Database 11.2g Security Technical Implementation Guide | 2018-06-25 |
Details
| Check Text ( C-54821r1_chk ) |
|---|
| Review policy and procedures documented or noted in the System Security Plan and evidence of implementation for testing DBMS installations, upgrades and patches prior to production deployment. If policy and procedures do not exist or evidence of implementation does not exist, this is a Finding. |
| Fix Text (F-58869r1_fix) |
|---|
| Develop, document and implement procedures for testing DBMS installations, upgrades and patches prior to deployment on production systems. |