UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Sensitive data should be labeled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15616 DG0087-ORACLE11 SV-24393r2_rule ECML-1 Low
Description
The sensitivity marking or labeling of data items promotes the correct handling and protection of the data. Without such notification, the user may unwittingly disclose sensitive data to unauthorized users.
STIG Date
Oracle Database 11g Instance STIG 2015-03-26

Details

Check Text ( C-17063r2_chk )
If database does not contain sensitive data, this check is Not a Finding.

If Oracle Label Security is not installed and database contains sensitive data, this is a Finding.

From SQL*Plus:
select * from DBA_SA_USERS;

Compare results to the requirements for labeling as specified in the System Security Plan.

If label security is not configured as specified in the System Security Plan, this is a Finding.
Fix Text (F-2587r1_fix)
Develop, document and implement label security requirements.

Install and configure label security in accordance with the System Security Plan.

Monitor and audit changes to the label security configuration.