
DBMS authentication should require use of a DoD PKI certificate.


Overview

Finding ID: V-3810
Version: DG0065-ORACLE11
Rule ID: SV-25026r1_rule
IA Controls: IATS-1, IATS-2
Severity: Medium
Description
In a properly configured DBMS, access controls defined for data access and DBMS management actions are assigned based on the user identity and job function. Unauthenticated or falsely authenticated access leads directly to the potential unauthorized access, misuse and lost accountability of data and activities within the DBMS. Use of PKI certificates for authentication to the DBMS provides a robust mechanism to ensure identity to authorize access to the DBMS.
STIG: Oracle Database 11g Instance STIG
Date: 2015-03-26

Details

Check Text (C-1055r1_chk)
If user access to the DBMS is via a portal or mid-tier system or product and PKI-authentication occurs at the portal/mid-tier, this check is Not a Finding.

Review the list of all DBMS accounts and their authentication methods.

This list is usually available from a system view or table and can be retrieved with a simple SQL query.

If any accounts are listed with an authentication method other than a PKI certificate, this is a Finding.
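
One way to produce the account list for this review, as an added example that is not part of the STIG text. It assumes the Oracle 11g DBA_USERS dictionary view and a reviewer with rights to query it. Treating an EXTERNAL_NAME that contains a distinguished name as a sign of certificate mapping is a heuristic assumed here, to be confirmed against the server's SSL configuration.

```sql
-- Added example: list every database account with its authentication
-- method and flag the ones that need attention under this check.
-- In Oracle 11g, DBA_USERS.AUTHENTICATION_TYPE is PASSWORD, EXTERNAL
-- or GLOBAL; EXTERNAL_NAME holds the mapped external identity, if any.
SELECT username,
       account_status,
       authentication_type,
       external_name,
       CASE
         -- Password accounts are never PKI-authenticated.
         WHEN authentication_type = 'PASSWORD'
           THEN 'REVIEW: password-authenticated'
         -- External account with no mapped identity: not tied to a certificate.
         WHEN authentication_type = 'EXTERNAL' AND external_name IS NULL
           THEN 'REVIEW: external, no mapped external name'
         -- Heuristic (assumption): a DN in EXTERNAL_NAME suggests the
         -- account is mapped to a certificate subject.
         WHEN authentication_type = 'EXTERNAL'
              AND UPPER(external_name) LIKE '%CN=%'
           THEN 'CANDIDATE PKI: mapped to a DN, confirm SSL authentication'
         -- Any other external mapping (for example a principal name).
         WHEN authentication_type = 'EXTERNAL'
           THEN 'REVIEW: external, mapped name is not a DN'
         -- Directory-managed users can authenticate in several ways.
         WHEN authentication_type = 'GLOBAL'
           THEN 'CONFIRM: directory-managed, verify certificate authentication'
         ELSE 'REVIEW: unrecognized authentication type'
       END AS pki_review
FROM   dba_users
-- Password accounts first, then by status and name for easier review.
ORDER  BY CASE WHEN authentication_type = 'PASSWORD' THEN 0 ELSE 1 END,
          account_status,
          username;
```

Rows marked CANDIDATE PKI or CONFIRM still need the certificate class and hardware token requirements below checked by hand; the query only narrows the list.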

For MAC 3 systems, if identification and authentication is not accomplished using the DoD PKI Class 3 certificate and hardware security token (when available) at minimum, this is a Finding.

For MAC 1 and 2 systems, if identification and authentication is not accomplished using the DoD PKI Class 3 or 4 certificate and hardware security token (when available) or an NSA-certified product at minimum, this is a Finding.
Fix Text (F-2540r1_fix)
Implement PKI authentication for all accounts defined within the database where applicable.

Applications may use host system (server) certificates to authenticate.

For MAC 3 systems, use of the DoD PKI Class 3 certificate and hardware security token (when available) at minimum is required.

For MAC 1 and 2 systems, use of the DoD PKI Class 3 or 4 certificate and hardware security token (when available) or an NSA-certified product at minimum is required.