The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable.


Overview

Finding ID: V-6767
Version: DG0007-ORACLE11
Rule ID: SV-30742r1_rule
IA Controls: (none listed)
Severity: Medium

Description
DBMS systems that do not follow DoD, vendor and/or public best security practices are vulnerable to related published vulnerabilities. A DoD reference document such as a security technical implementation guide or security recommendation guide constitutes the primary source for security configuration or implementation guidance for the deployment of newly acquired IA- and IA-enabled IT products that require use of the product's IA capabilities.

STIG: Oracle Database 11g Installation STIG
Date: 2017-06-29

Details

Check Text (C-31152r1_chk)
Review security and administration documentation maintained for the DBMS system for indications that security guidance has been applied to the DBMS system.

If DoD security guidance is not available, the following are acceptable in descending order as available:
(1) Commercially accepted practices (e.g., SANS);
(2) Independent testing results (e.g., ICSA); or
(3) Vendor literature

If the DBMS system has not been secured using available security guidance as listed above, this is a Finding.
Fix Text (F-27645r1_fix)
Apply available security guidance to the DBMS system.

If DoD security guidance is not available, the following are acceptable in descending order as available:
(1) Commercially accepted practices (e.g., SANS);
(2) Independent testing results (e.g., ICSA); or
(3) Vendor literature