UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Unauthorized user accounts should not exist.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2508 DG0070-ORACLE11 SV-24647r1_rule IAAC-1 Medium
Description
Unauthorized user accounts provide unauthorized access to the database and may allow access to database objects. Only authorized users should be granted database accounts.
STIG Date
Oracle Database 11g Instance STIG 2015-03-26

Details

Check Text ( C-29171r1_chk )
Review procedures for ensuring authorization of new or re-assigned DBMS user accounts.

Requests for user account access to the DBMS should include documented approval by an authorized requestor.

Procedures should also include notification for a change in status, particularly cause for revocation of account access, to any DBMS accounts.

Review the user accounts listed either in the script report or manually against the authorized user list.

From SQL*Plus:
select username from dba_users order by username;

If procedures for DBMS user account authorization are incomplete or not implemented, this is a Finding.

If any accounts listed are not clearly authorized, this is a Finding.
Fix Text (F-26183r1_fix)
Develop, document and implement procedures for authorizing creation, changes and deletions of user accounts.

Monitor user accounts to verify that they remain authorized.