UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All use of privileged accounts must be audited.


Overview

Finding ID Version Rule ID IA Controls Severity
V-61595 O121-C2-004200 SV-76085r2_rule Medium
Description
This is intended to limit exposure, by making it possible to trace any unauthorized access, by a privileged user account or role that has permissions on security functions or security-relevant information, to other data or functionality.
STIG Date
Oracle Database 12c Security Technical Implementation Guide 2017-06-30

Details

Check Text ( C-62467r3_chk )
Review auditing configuration.

If it is possible for a privileged user/role to access non-security functions or information without having the action recorded in the audit log, this is a finding.

To obtain a list of unified auditing policies that have been defined, run the query:
SELECT unique policy_name from AUDIT_UNIFIED_POLICIES;

To obtain a list of unified auditing policies that have been enabled and the users for which it has been enabled, run the query:
SELECT unique policy_name, user_name from AUDIT_UNIFIED_ENABLED_POLICIES;

Unless otherwise required, verify that user_name is set to 'ALL USERS' to insure that the activity of administrative users is being logged.
Fix Text (F-67511r1_fix)
Configure DBMS auditing so that all use of privileged accounts is recorded in the audit log.