STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

DISA Rule

SV-206568r617447_rule

Vulnerability Number

V-206568

Group Title

SRG-APP-000225

Rule Version

SRG-APP-000225-DB-000153

Severity

CAT II

CCI(s)

• CCI-001190 - The information system fails to an organization-defined known-state for organization-defined types of failures.

Weight

10

Fix Recommendation

Configure DBMS settings so that, in the event of a system failure, the DBMS will roll back open transactions to a consistent state, to include a security configuration that is at least as restrictive as before the system failure.

Check Contents

Check DBMS settings and vendor documentation to verify the DBMS properly handles transactions in the event of a system failure.

If open transactions are not rolled back to a consistent state during system failure, this is a finding.

The consistent state must include a security configuration that is at least as restrictive as before the system failure. If this is not guaranteed, this is a finding.

Vulnerability Number

V-206568

Documentable

False

Rule Version

SRG-APP-000225-DB-000153

Severity Override Guidance

Check DBMS settings and vendor documentation to verify the DBMS properly handles transactions in the event of a system failure.

If open transactions are not rolled back to a consistent state during system failure, this is a finding.

The consistent state must include a security configuration that is at least as restrictive as before the system failure. If this is not guaranteed, this is a finding.

Check Content Reference

M

Target Key

2902

Comments