STIGQter: STIG Summary: Database Security Requirements Guide, Version: 3, Release: 1, Benchmark Date: 22 Jan 2021

The DBMS must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

DISA Rule

SV-206567r617447_rule

Vulnerability Number

V-206567

Group Title

SRG-APP-000224

Rule Version

SRG-APP-000224-DB-000384

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Utilize a DBMS product that can provide demonstrably effective protection against man-in-the-middle attacks that guess at session identifier values.

Configure DBMS settings to enable protections against man-in-the-middle attacks that guess at session identifier values.

Check Contents

Review DBMS vendor documentation and system behavior (and if necessary, consult vendor representatives) to determine whether the DBMS can provide demonstrably effective protection against man-in-the-middle attacks that guess at session identifier values.

If not, this is a finding.

Review DBMS settings to determine whether protections against man-in-the-middle attacks that guess at session identifier values are enabled.

If they are not, this is a finding.

Documentable

False

Severity Override Guidance

Review DBMS vendor documentation and system behavior (and if necessary, consult vendor representatives) to determine whether the DBMS can provide demonstrably effective protection against man-in-the-middle attacks that guess at session identifier values.

If not, this is a finding.

Review DBMS settings to determine whether protections against man-in-the-middle attacks that guess at session identifier values are enabled.

If they are not, this is a finding.

Check Content Reference

M

Target Key

2902
