STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021

The DBMS must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.

DISA Rule

SV-206596r617447_rule

Vulnerability Number

V-206596

Group Title

SRG-APP-000378

Rule Version

SRG-APP-000378-DB-000365

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document and obtain approval for any non-administrative users who require the ability to create, alter or replace logic modules.

Implement the approved permissions. Revoke any unapproved permissions.

Check Contents

If the DBMS supports only software development, experimentation and/or developer-level testing (that is, excluding production systems, integration testing, stress testing, and user acceptance testing), this is not a finding.

Review the DBMS and database security settings with respect to non-administrative users' ability to create, alter, or replace logic modules, to include but not necessarily only stored procedures, functions, triggers, and views.

If any such permissions exist and are not documented and approved, this is a finding.
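
One way to carry out the review described above, as an added example that is not part of the SRG or of this page. The SRG names no product, so PostgreSQL is assumed; the table approved_logic_module_roles and the role app_deployer are hypothetical stand-ins for the site's documented approvals.

```sql
-- Added example; PostgreSQL is an assumption (the SRG names no product).
-- Hypothetical table standing in for the documented, approved roles.
CREATE TEMP TABLE approved_logic_module_roles (role_name text PRIMARY KEY);
INSERT INTO approved_logic_module_roles VALUES ('app_deployer');  -- constructed sample

-- Non-superuser roles able to create functions, procedures or views in a schema.
SELECT 'CREATE on schema' AS permission,
       n.nspname::text    AS object_name,
       r.rolname::text    AS role_name
FROM pg_namespace n
CROSS JOIN pg_roles r
WHERE NOT r.rolsuper
  AND r.rolname NOT LIKE 'pg\_%'              -- skip built-in roles
  AND n.nspname NOT LIKE 'pg\_%'              -- skip system and temp schemas
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
  AND r.rolname::text NOT IN (SELECT role_name FROM approved_logic_module_roles)

UNION ALL

-- Non-superuser roles able to create triggers on a table.
SELECT 'TRIGGER on table', c.oid::regclass::text, r.rolname::text
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN pg_roles r
WHERE c.relkind IN ('r', 'p')
  AND NOT r.rolsuper
  AND r.rolname NOT LIKE 'pg\_%'
  AND n.nspname NOT LIKE 'pg\_%'
  AND n.nspname <> 'information_schema'
  AND has_table_privilege(r.oid, c.oid, 'TRIGGER')
  AND r.rolname::text NOT IN (SELECT role_name FROM approved_logic_module_roles)

UNION ALL

-- Routines owned by non-superuser roles; the owner can alter them.
SELECT 'owner of routine', p.oid::regprocedure::text, r.rolname::text
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles r ON r.oid = p.proowner
WHERE NOT r.rolsuper
  AND n.nspname NOT LIKE 'pg\_%'
  AND n.nspname <> 'information_schema'
  AND r.rolname::text NOT IN (SELECT role_name FROM approved_logic_module_roles)
ORDER BY role_name, permission, object_name;
```

Each row returned is a permission that is either documented and approved or revoked.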

Documentable

False

Severity Override Guidance

If the DBMS supports only software development, experimentation and/or developer-level testing (that is, excluding production systems, integration testing, stress testing, and user acceptance testing), this is not a finding.

Review the DBMS and database security settings with respect to non-administrative users' ability to create, alter, or replace logic modules, to include but not necessarily only stored procedures, functions, triggers, and views.

If any such permissions exist and are not documented and approved, this is a finding.

Check Content Reference

M

Target Key

2902