Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15106 | DG0086-ORACLE11 | SV-24675r1_rule | ECLP-1 | Medium |
Description |
---|
Excess privilege assignment can lead to intentional or unintentional unauthorized actions. Such actions may compromise the operation or integrity of the DBMS and its data. Monitoring assigned privileges assists in the detection of unauthorized privilege assignment. The DBA role is assigned privileges that allow DBAs to modify privileges assigned to them. Ensure that the DBA Role is monitored for any unauthorized changes. |
STIG | Date |
---|---|
Oracle Database 11g Installation STIG | 2014-12-16 |
Check Text ( C-29192r1_chk ) |
---|
Review documented procedures and implementation evidence of DBA role privilege monitoring. If procedures are not documented or noted in the System Security Plan or are not complete, this is a Finding. If evidence of implementation for monitoring does not exist, this is a Finding. If monitoring does not occur monthly (~30 days) or more often, this is a Finding. |
Fix Text (F-26208r1_fix) |
---|
Design, document and implement procedures for monitoring DBA role privilege assignments. Grant the DBA role the minimum privileges required to perform administrative functions. Establish monitoring of DBA role privileges monthly or more often. |