UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS should not have a connection defined to access or be accessed by a DBMS at a different classification level.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15656 DG0171-ORACLE11 SV-25075r1_rule ECIC-1 Medium
Description
Applications that access databases and databases connecting to remote databases that differ in their assigned classification levels may expose sensitive data to unauthorized clients. Any interconnections between databases or applications and databases differing in classification levels are required to comply with interface control rules.
STIG Date
Oracle Database 11g Installation STIG 2014-12-16

Details

Check Text ( C-23524r1_chk )
Review database links or other connections defined for the database to access or be accessed by remote databases or other applications as defined in the AIS Functional Architecture documentation or the System Security Plan.

If any interconnections show differences in the DBMS and remote system classification levels, this is a Finding.
Fix Text (F-20164r1_fix)
Disassociate or remove connection definitions to remote systems of differing classification levels.