Audit records must include the reason for blacklisting or disabling DBMS connections or accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-61521 | O121-BP-025900 | SV-76011r1_rule | Medium |
| Description |
|---|
| Records of any disabling or locking of account actions taken by the DBMS can contain information valuable to decisions to employ additional responsive actions. |
| STIG | Date |
|---|---|
| Oracle Database 12c Security Technical Implementation Guide | 2015-12-21 |
Details
| Check Text ( C-62393r1_chk ) |
|---|
| Review audit settings for disabling or locking account events based on event failures. If the settings are not configured to include the cause of the lock or disabling, this is a finding. |
| Fix Text (F-67437r1_fix) |
|---|
| Determine and implement audit settings that will collect and store the cause of any DBMS account or connection lock or disabling actions taken by the DBMS. |