Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15611 | DG0054-ORACLE11 | SV-24630r1_rule | ECAT-1 ECAT-2 | Low |
Description |
---|
Regular and timely reviews of audit records increases the likelihood of early discovery of suspicious activity. Discovery of suspicious behavior can in turn trigger protection responses to minimize or eliminate a negative impact from malicious activity. Use of unauthorized application to access the DBMS may indicate an attempt to bypass security controls. |
STIG | Date |
---|---|
Oracle Database 11g Installation STIG | 2014-04-02 |
Check Text ( C-29157r1_chk ) |
---|
If application access audit data is not available due to the lack of a local listener process or alternate method of auditing database access, this check is Not a Finding (see check DG0052). Review the list of applications authorized to connect to the Oracle database as listed or noted in the System Security Plan. If no list exists, this is a Finding. Review evidence of audit log monitoring to detect use of unauthorized applications to access the database. If no evidence exists or is incomplete, this is a Finding. |
Fix Text (F-26168r1_fix) |
---|
Document applications authorized to access the DBMS in the System Security Plan. Develop, document and implement a process to review log and trace files or the results from any alternate methods used to support database access auditing to detect connections from unauthorized applications. Include in this process a method to generate and provide evidence of monitoring. This may include automated or manual processes acknowledged by the auditor or IAO. |