UCF STIG Viewer Logo

Credentials stored and used by the DBMS to access remote databases or applications must be authorized and restricted to authorized users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-61507 O121-BP-025200 SV-75997r1_rule Medium
Description
Credentials defined for access to remote databases or applications may provide unauthorized access to additional databases and applications to unauthorized or malicious users.
STIG Date
Oracle Database 12c Security Technical Implementation Guide 2017-06-30

Details

Check Text ( C-62379r1_chk )
Review the list of defined database links generated from the DBMS.

Compare to the list in the System Security Plan with the DBA.

If no database links are listed in the database and in the System Security Plan, this check is not a finding.

If any database links are defined in the DBMS, verify the authorization for the definition in the System Security Plan.

If any database links exist that are not authorized or not listed in the System Security Plan, this is a finding.
Fix Text (F-67423r1_fix)
Grant access to database links to authorized users or applications only.

Document all database links access authorizations in the System Security Plan.