UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Sensitive data is stored in the database and should be identified in the System Security Plan and AIS Functional Architecture documentation.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15144 DG0107-ORACLE11 SV-24710r1_rule Medium
Description
A DBMS that does not have the correct confidentiality level identified or any confidentiality level assigned is not being secured at a level appropriate to the risk it poses.
STIG Date
Oracle Database 11g Installation STIG 2016-12-14

Details

Check Text ( C-29345r1_chk )
If no sensitive or classified data is stored in the database, listed in the System Security Plan and listed in the AIS Functional Architecture documentation, this check is Not a Finding.

Review AIS Functional Architecture documentation for the DBMS and note any sensitive data that is identified.

Review database table column data or descriptions that indicate sensitive data.

For example, a data column labeled "SSN" could indicate social security numbers are stored in the column.

Question the IAO or DBA where any questions arise.

General categories of sensitive data requiring identification include any personal data (health, financial, social security number and date of birth), proprietary or financially sensitive business data or data that might be classified.

If any data is considered sensitive and is not documented in the AISFA, this is a Finding.
Fix Text (F-26370r1_fix)
Include identification of any sensitive data in the AIS Functional Architecture and the System Security Plan.

Include data that appear to be sensitive with a discussion as to why it is not marked as such.