STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:SV-206556r617447_rule
V-206556
SRG-APP-000171
SRG-APP-000171-DB-000074
CAT II
10
Develop, document, and maintain a list of DBMS database objects, database configuration files, associated scripts, applications defined within or external to the DBMS that access the database, and DBMS/user environment files/settings in the System Security Plan.
Record whether they do or do not contain DBMS passwords. If passwords are present, ensure that they are correctly hashed using one-way, salted hashing functions, and that the hashes are protected by host system security.
Review the list of DBMS database objects, database configuration files, associated scripts, and applications defined within and external to the DBMS that access the database. The list should also include files or settings used to configure the operational environment for the DBMS and for interactive DBMS user accounts.
Determine whether any DBMS database objects, database configuration files, associated scripts, applications defined within or external to the DBMS that access the database, and DBMS/user environment files/settings contain database passwords. If any do, confirm that DBMS passwords stored internally or externally to the DBMS are hashed using FIPS-approved cryptographic algorithms and include a salt. If any passwords are stored in clear text, this is a finding. If any passwords are stored with reversible encryption, this is a finding. If any passwords are stored using unsalted hashes, this is a finding.
V-206556
False
SRG-APP-000171-DB-000074
Review the list of DBMS database objects, database configuration files, associated scripts, and applications defined within and external to the DBMS that access the database. The list should also include files or settings used to configure the operational environment for the DBMS and for interactive DBMS user accounts.
Determine whether any DBMS database objects, database configuration files, associated scripts, applications defined within or external to the DBMS that access the database, and DBMS/user environment files/settings contain database passwords. If any do, confirm that DBMS passwords stored internally or externally to the DBMS are hashed using FIPS-approved cryptographic algorithms and include a salt. If any passwords are stored in clear text, this is a finding. If any passwords are stored with reversible encryption, this is a finding. If any passwords are stored using unsalted hashes, this is a finding.
M
2902