Remote DBMS administration must be documented and authorized or disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-61523 | O121-BP-026000 | SV-76013r1_rule | Medium |
| Description |
|---|
| Remote administration may expose configuration and sensitive data to unauthorized viewing during transit across the network or allow unauthorized administrative access to the DBMS to remote users. |
| STIG | Date |
|---|---|
| Oracle Database 12c Security Technical Implementation Guide | 2015-12-21 |
Details
| Check Text ( C-62395r1_chk ) |
|---|
| Review the System Security Plan for authorization, assignments and usage procedures for remote DBMS administration. If remote administration of the DBMS is not documented or poorly documented, this is a finding. If remote administration of the DBMS is not authorized and not disabled, this is a finding. |
| Fix Text (F-67439r1_fix) |
|---|
| Disable remote administration of the DBMS where not required. Where remote administration of the DBMS is required, develop, document and implement policy and procedures on its use. Assign remote administration privileges to ISSO-authorized personnel only. Document assignments in the System Security Plan. |