UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15106 DG0086-ORACLE11 SV-24675r1_rule Medium
Description
Excess privilege assignment can lead to intentional or unintentional unauthorized actions. Such actions may compromise the operation or integrity of the DBMS and its data. Monitoring assigned privileges assists in the detection of unauthorized privilege assignment. The DBA role is assigned privileges that allow DBAs to modify privileges assigned to them. Ensure that the DBA Role is monitored for any unauthorized changes.
STIG Date
Oracle Database 11g Installation STIG 2017-06-29

Details

Check Text ( C-29192r1_chk )
Review documented procedures and implementation evidence of DBA role privilege monitoring.

If procedures are not documented or noted in the System Security Plan or are not complete, this is a Finding.

If evidence of implementation for monitoring does not exist, this is a Finding.

If monitoring does not occur monthly (~30 days) or more often, this is a Finding.
Fix Text (F-26208r1_fix)
Design, document and implement procedures for monitoring DBA role privilege assignments.

Grant the DBA role the minimum privileges required to perform administrative functions.

Establish monitoring of DBA role privileges monthly or more often.