| V-2608 | High | The Oracle Listener should be configured to require administration authentication. | Oracle listener authentication helps prevent unauthorized administration of the Oracle listener. Unauthorized administration of the listener could lead to DoS exploits; loss of connection audit... |
| V-3812 | High | Database account passwords should be stored in encoded or encrypted format whether stored in database objects, external host files, environment variables or any other storage locations. | Database passwords stored in clear text are vulnerable to unauthorized disclosure. Database passwords should always be encoded or encrypted when stored internally or externally to the DBMS. |
| V-15104 | High | Sensitive data served by the DBMS should be protected by encryption when transmitted across the network. | Sensitive data served by the DBMS and transmitted across the network in clear text is vulnerable to unauthorized capture and review. |
| V-15636 | High | Passwords should be encrypted when transmitted across the network. | DBMS passwords sent in clear text format across the network are vulnerable to discovery by unauthorized users. Disclosure of passwords may easily lead to unauthorized access to the database. |
| V-5658 | High | Vendor supported software is evaluated and patched against newly found vulnerabilities. | Unsupported software versions are not patched by vendors to address newly discovered security versions. An unpatched version is vulnerable to attack. |
| V-15658 | Medium | The DBMS warning banner should meet DoD policy requirements. | Without sufficient warning of monitoring and access restrictions of a system, legal prosecution to assign responsibility for unauthorized or malicious access may not succeed. A warning message... |
| V-15110 | Medium | Use of the DBMS installation account should be logged. | The DBMS installation account may be used by any authorized user to perform DBMS installation or maintenance. Without logging, accountability for actions attributed to the account is lost. |
| V-15111 | Medium | Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions. | The DBMS software installation account is granted privileges not required for DBA or other functions. Use of accounts configured with excess privileges may result in unauthorized or unintentional... |
| V-15116 | Medium | The DBMS host platform and other dependent applications should be configured in compliance with applicable STIG requirements. | The security of the data stored in the DBMS is also vulnerable to attacks against the host platform, calling applications, and other application or optional components. |
| V-6756 | Medium | Only necessary privileges to the host system should be granted to DBA OS accounts. | Database administration accounts are frequently granted more permissions to the local host system than are necessary. This allows inadvertent or malicious changes to the host operating system. |
| V-16032 | Medium | Remote administration should be disabled for the Oracle connection manager. | Remote administration provides a potential opportunity for malicious users to make unauthorized changes to the Connection Manager configuration or interrupt its service. |
| V-3497 | Medium | The Oracle Listener ADMIN_RESTRICTIONS parameter if present should be set to ON. | The Oracle listener process can be dynamically configured. By connecting to the listener process directly, usually through the Oracle LSNRCTL utility, a user may change any of the parameters... |
| V-15118 | Medium | Remote administrative access to the database should be monitored by the IAO or IAM. | Remote administrative access to systems provides a path for access to and exploit of DBA privileges. Where the risk has been accepted to allow remote administrative access, it is imperative to... |
| V-15652 | Medium | DBMS remote administration should be audited. | When remote administration is available, the vulnerability to attack for administrative access is increased. An audit of remote administrative access provides additional means to discover... |
| V-4754 | Medium | Database software directories including DBMS configuration files are stored in dedicated directories separate from the host OS and other applications. | Multiple applications can provide a cumulative negative effect. A vulnerability and subsequent exploit to one application can lead to an exploit of other applications sharing the same security... |
| V-15656 | Medium | The DBMS should not have a connection defined to access or be accessed by a DBMS at a different classification level. | Applications that access databases and databases connecting to remote databases that differ in their assigned classification levels may expose sensitive data to unauthorized clients. Any... |
| V-3813 | Medium | DBMS tools or applications that echo or require a password entry in clear text should be protected from password display. | Database applications may allow for entry of the account name and password as a visible parameter of the application execution command. This practice should be prohibited and disabled, if... |
| V-3811 | Medium | Procedures for establishing temporary passwords that meet DoD password requirements for new accounts should be defined, documented and implemented. | New accounts authenticated by passwords that are created without a password or with an easily guessed password are vulnerable to unauthorized access. Procedures for creating new accounts with... |
| V-15131 | Medium | Sensitive information stored in the database should be protected by encryption.
| Sensitive data stored in unencrypted format within the database is vulnerable to unauthorized viewing. |
| V-15132 | Medium | Database data files containing sensitive information should be encrypted. | Where system and DBMS access controls do not provide complete protection of sensitive or classified information, the Information Owner may require encryption to provide additional protection.... |
| V-15179 | Medium | The DBMS should not share a host supporting an independent security service. | The Security Support Structure is a security control function or service provided by an external system or application. An example of this would be a Windows domain controller that provides... |
| V-15117 | Medium | The DBMS audit logs should be included in backup operations. | DBMS audit logs are essential to the investigation and prosecution of unauthorized access to the DBMS data. Unless audit logs are available for review, the extent of data compromise may not be... |
| V-57613 | Medium | A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device. | The Oracle redo log files store the detailed information on changes made to the database. This information is critical to database recovery in case of a database failure. |
| V-57611 | Medium | A minimum of two Oracle control files must be defined and configured to be stored on separate, archived physical disks or archived partitions on a RAID device. | Oracle control files are used to store information critical to Oracle database integrity. Oracle uses these files to maintain time synchronization of database files as well as at system startup to... |
| V-15621 | Medium | Network access to the DBMS must be restricted to authorized personnel. | Restricting remote access to specific, trusted systems helps prevent access by unauthorized and potentially malicious users. |
| V-3440 | Medium | Connections by mid-tier web and application systems to the Oracle DBMS should be protected, encrypted and authenticated according to database, web, application, enclave and network requirements. | Multi-tier systems may be configured with the database and connecting middle-tier system located on an internal network, with the database located on an internal network behind a firewall and the... |
| V-15608 | Medium | Access to DBMS software files and directories should not be granted to unauthorized users. | The DBMS software libraries contain the executables used by the DBMS to operate. Unauthorized access to the libraries can result in malicious alteration or planting of operational executables.... |
| V-15620 | Medium | OS accounts used to execute external procedures should be assigned minimum privileges. | External applications spawned by the DBMS process may be executed under OS accounts assigned unnecessary privileges that can lead to unauthorized access to OS resources. Unauthorized access to OS... |
| V-15651 | Medium | Remote DBMS administration should be documented and authorized or disabled. | Remote administration may expose configuration and sensitive data to unauthorized viewing during transit across the network or allow unauthorized administrative access to the DBMS to remote users. |
| V-15643 | Medium | Access to DBMS security data should be audited. | DBMS security data is useful to malicious users to perpetrate activities that compromise DBMS operations or data integrity. Auditing of access to this data supports forensic and accountability... |
| V-2422 | Medium | The DBMS software installation account should be restricted to authorized users. | DBA and other privileged administrative or application owner accounts are granted privileges that allow actions that can have a greater impact on database security and operation. It is especially... |
| V-15625 | Medium | Recovery procedures and technical system features exist to ensure that recovery is done
in a secure and verifiable manner. | A DBMS may be vulnerable to use of compromised data or other critical files during recovery. Use of compromised files could introduce maliciously altered application code, relaxed security... |
| V-15105 | Medium | Unauthorized access to external database objects should be removed from application user roles. | Access to objects stored and/or executed outside of the DBMS security context may provide an avenue of attack to host system resources not controlled by the DBMS. Any access to external resources... |
| V-15107 | Medium | DBMS privileges to restore database data or other DBMS configurations, features, or objects should be restricted to authorized DBMS accounts. | Unauthorized restoration of database data, objects, or other configuration or features can result in a loss of data integrity, unauthorized configuration, or other DBMS interruption or compromise.... |
| V-15106 | Medium | DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges. | Excess privilege assignment can lead to intentional or unintentional unauthorized actions. Such actions may compromise the operation or integrity of the DBMS and its data. Monitoring assigned... |
| V-2612 | Medium | Oracle SQLNet and listener log files should not be accessible to unauthorized users. | The SQLNet and Listener log files provide audit data useful to the discovery of suspicious behavior. The log files may contain usernames and passwords in clear text as well as other information... |
| V-15103 | Medium | An automated tool that monitors audit data and immediately reports suspicious activity should be employed for the DBMS. | Audit logs only capture information on suspicious events. Without an automated monitoring and alerting tool, malicious activity may go undetected and without response until compromise of the... |
| V-15102 | Medium | Automated notification of suspicious activity detected in the audit trail should be implemented. | Audit record collection may quickly overwhelm storage resources and an auditor's ability to review it in a productive manner. Automated tools can provide the means to manage the audit data... |
| V-16055 | Medium | Oracle Application Express or Oracle HTML DB should not be installed on a production database. | The Oracle Application Express, formerly called HTML DB, is an application development component installed by default with Oracle. Unauthorized application development can introduce a variety of... |
| V-15109 | Medium | DBMS production application and data directories should be protected from developers on shared production/development DBMS host systems.
| Developer roles should not be assigned DBMS administrative privileges to production DBMS application and data directories. The separation of production DBA and developer roles helps protect the... |
| V-2423 | Medium | Database software, applications and configuration files should be monitored to discover unauthorized changes. | Unmanaged changes that occur to the database software libraries or configuration can lead to unauthorized or compromised installations. |
| V-3806 | Medium | A baseline of database application software should be documented and maintained. | Without maintenance of a baseline of current DBMS application software, monitoring for changes cannot be complete and unauthorized changes to the software can go undetected. Changes to the DBMS... |
| V-15140 | Medium | Procedures and restrictions for import of production data to development databases should be documented, implemented and followed. | Data export from production databases may include sensitive data. Application developers may not be cleared for or have need-to-know to sensitive data. Any access they may have to production data... |
| V-15143 | Medium | Database data encryption controls should be configured in accordance with application requirements. | Access to sensitive data may not always be sufficiently protected by authorizations and require encryption. In some cases, the required encryption may be provided by the application accessing the... |
| V-3807 | Medium | All applications that access the database should be logged in the audit trail. | Protections and privileges are designed within the database to correspond to access via authorized software. Use of unauthorized software to access the database could indicate an attempt to bypass... |
| V-15144 | Medium | Sensitive data is stored in the database and should be identified in the System Security Plan and AIS Functional Architecture documentation. | A DBMS that does not have the correct confidentiality level identified or any confidentiality level assigned is not being secured at a level appropriate to the risk it poses. |
| V-15146 | Medium | The DBMS should not be operated without authorization on a host system supporting other application services. | In the same way that added security layers can provide a cumulative positive effect on security posture, multiple applications can provide a cumulative negative effect. A vulnerability and... |
| V-15148 | Medium | DBMS network communications should comply with PPS usage restrictions. | Non-standard network ports, protocol or services configuration or usage could lead to bypass of network perimeter security controls and protections. |
| V-15121 | Medium | DBMS software libraries should be periodically backed up. | The DBMS application depends upon the availability and integrity of its software libraries. Without backups, compromise or loss of the software libraries can prevent a successful recovery of DBMS... |
| V-15120 | Medium | DBMS backup and restoration files should be protected from unauthorized access. | Lost or compromised DBMS backup and restoration files may lead to not only the loss of data, but also the unauthorized access to sensitive data. Backup files need the same protections against... |
| V-15127 | Medium | The IAM should review changes to DBA role assignments. | Unauthorized assignment of DBA privileges can lead to a compromise of DBMS integrity. Providing oversight to the authorization and assignment of privileges provides the separation of duty to... |
| V-3809 | Medium | A single database connection configuration file should not be used to configure all database clients. | Many sites distribute a single client database connection configuration file to all site database users that contains network access information for all databases on the site. Such a file provides... |
| V-15659 | Medium | Credentials used to access remote databases should be protected by encryption and restricted to authorized users. | Access to database connection credential stores provides easy access to the database. Unauthorized access to the database can result without controls in place to prevent unauthorized access to the... |
| V-15618 | Medium | Access to external DBMS executables should be disabled or restricted. | The Oracle external procedure capability provides use of the Oracle process account outside the operation of the DBMS process. You can use it to submit and execute applications stored externally... |
| V-3862 | Medium | The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0. | The INBOUND_CONNECT_TIMEOUT_[listener-name] and SQLNET.INBOUND_CONNECT_TIMEOUT defines the limit the database listener and database server respectively will wait for a client connection to... |
| V-3863 | Medium | The Oracle SQLNET.EXPIRE_TIME parameter should be set to a value greater than 0. | The SQLNET.EXPIRE_TIME parameter defines a limit for the frequency of active connection verification of a client connection. This prevents indefinite open connections to the database where client... |
| V-3803 | Medium | A production DBMS installation should not coexist on the same DBMS host with other, non-production DBMS installations. | Production, development and other non-production DBMS installations have different access and security requirements. Shared production/non-production DBMS installations secured at a... |
| V-15139 | Medium | Plans and procedures for testing DBMS installations, upgrades and patches should be defined and followed prior to production implementation. | Updates and patches to existing software have the intention of improving the security or enhancing or adding features to the product. However, it is unfortunately common that updates or patches... |
| V-3842 | Medium | The Oracle software installation account should not be granted excessive host system privileges. | A compromise of the Oracle database process could be used to gain access to the host operating system under the security account of the process owner. Limitation of the privileges assigned to the... |
| V-57609 | Medium | The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files. | The AUDIT_FILE_DEST parameter specifies the directory where the database audit trail file is stored (when AUDIT_TRAIL parameter is set to ‘OS’, ‘xml’, or ‘xml, extended’ where supported by the... |
| V-3825 | Medium | Remote adminstrative connections to the database should be encrypted. | Communications between a client and database service across the network may contain sensitive information including passwords. This is particularly true in the case of administrative activities.... |
| V-15129 | Medium | Backup and recovery procedures should be developed, documented, implemented and periodically tested. | Problems with backup procedures or backup media may not be discovered until after a recovery is needed. Testing and verification of procedures provides the opportunity to discover oversights,... |
| V-5659 | Medium | The latest security patches should be installed. | Maintaining the currency of the software version protects the database from known vulnerabilities. |
| V-16056 | Medium | Oracle Configuration Manager should not remain installed on a production system. | Oracle Configuration Manager (OCM) is a function of the Oracle Software Configuration Manager (SCM). OCM collects system configuration data used for automated upload to systems owned and managed... |
| V-16057 | Medium | The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter should be set to a value of 10 or higher. | Unsupported Oracle network client installations may introduce vulnerabilities to the database. Restriction to use of supported versions helps to protect the database and helps to enforce newer,... |
| V-16054 | Medium | The Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter should not be set to NONE. | Undetected attacks using bad packets can lead to a successful Denial of Service (DoS) to database clients. Notification of attacks based on a flood of bad packets sent to the database can assist... |
| V-15662 | Medium | Remote administration of the DBMS should be restricted to known, dedicated and encrypted network addresses and ports. | Remote administration provides many conveniences that can assist in the maintenance of the designed security posture of the DBMS. On the other hand, remote administration of the database also... |
| V-43137 | Medium | DBMS cryptography must be NIST FIPS 140-2 validated. | Use of cryptography to provide confidentiality and non-repudiation is not effective unless strong methods are employed with its use. Many earlier encryption methods and modules have been broken... |
| V-15649 | Medium | The DBMS should have configured all applicable settings to use trusted files, functions, features, or other components during startup, shutdown, aborts, or other unplanned interruptions. | The DBMS opens data files and reads configuration files at system startup, system shutdown and during abort recovery efforts. If the DBMS does not verify the trustworthiness of these files, it is... |
| V-15108 | Medium | Privileges assigned to developers on shared production and development DBMS hosts and the DBMS should be monitored every three months or more frequently for unauthorized changes. | The developer role does not include need-to-know or administrative privileges to production databases. Assigning excess privileges can lead to unauthorized access to sensitive data or compromise... |
| V-15112 | Low | The DBMS should be periodically tested for vulnerability management and IA compliance. | The DBMS security configuration may be altered either intentionally or unintentionally over time. The DBMS may also be the subject of published vulnerabilities that require the installation of a... |
| V-3728 | Low | Unused database components, database application software, and database objects should be removed from the DBMS system. | Unused, unnecessary DBMS components increase the attack surface for the DBMS by introducing additional targets for attack. By minimizing the services and applications installed on the system, the... |
| V-3866 | Low | The Oracle Management Agent should be uninstalled if not required and authorized or is installed on a database accessible from the Internet. | The Oracle Management Agent (Oracle Intelligent Agent in earlier versions) provides the mechanism for local and/or remote management of the local Oracle Database by Oracle Enterprise Manager or... |
| V-15150 | Low | The DBMS requires a System Security Plan containing all required information. | A System Security Plan identifies security control applicability and configuration for the DBMS. It also contains security control documentation requirements. Security controls applicable to the... |
| V-16031 | Low | The Oracle listener.ora file should specify IP addresses rather than host names to identify hosts. | The use of IP address in place of host names helps to protect against malicious corruption or spoofing of host names. Use of static IP addresses is considered more stable and reliable than use of... |
| V-3805 | Low | Application software should be owned by a Software Application account. | File and directory ownership imparts full privileges to the owner. These privileges should be restricted to a single, dedicated account to preserve proper chains of ownership and privilege... |
| V-15622 | Low | DBMS service identification should be unique and clearly identifies the service. | Local or network services that do not employ unique or clearly identifiable targets can lead to inadvertent or unauthorized connections. |
| V-2420 | Low | Database executable and configuration files should be monitored for unauthorized modifications. | Changes to files in the DBMS software directory including executable, configuration, script, or batch files can indicate malicious compromise of the software files. Changes to non-executable... |
| V-3726 | Low | Configuration management procedures should be defined and implemented for database software modifications. | Uncontrolled, untested, or unmanaged changes result in an unreliable security posture. All changes to software libraries related to the database and its use need to be reviewed, considered, and... |
| V-15145 | Low | The DBMS restoration priority should be assigned. | When DBMS service is disrupted, the impact it has on the overall mission of the organization can be severe. Without proper assignment of the priority placed on restoration of the DBMS and its... |
| V-3845 | Low | OS DBA group membership should be restricted to authorized accounts. | Oracle SYSDBA privileges include privileges to administer the database outside of database controls (when the database is shut down) in addition to all privileges controlled under database... |
| V-15138 | Low | The DBMS IA policies and procedures should be reviewed annually or more frequently. | A regular review of current database security policies and procedures is necessary to maintain the desired security posture of the DBMS. Policies and procedures should be measured against current... |
| V-15611 | Low | The audit logs should be periodically monitored to discover DBMS access using unauthorized applications. | Regular and timely reviews of audit records increases the likelihood of early discovery of suspicious activity. Discovery of suspicious behavior can in turn trigger protection responses to... |
