STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must enforce access restrictions associated with changes to the configuration of the DBMS or database(s).

DISA Rule

SV-206597r617447_rule

Vulnerability Number

V-206597

Group Title

SRG-APP-000380

Rule Version

SRG-APP-000380-DB-000360

Severity

CAT II

CCI(s)

• CCI-001813 - The information system enforces access restrictions.

Weight

10

Fix Recommendation

Deploy a DBMS capable of enforcing access restrictions associated with changes to the configuration of the DBMS or database(s).

Configure the DBMS to enforce access restrictions associated with changes to the configuration of the DBMS or database(s).

Check Contents

Review DBMS vendor documentation with respect to its ability to enforce access restrictions associated with changes to the configuration of the DBMS or database(s).

If it is not able to do this, this is a finding.

Review the security configuration of the DBMS and database(s).

If it does not enforce access restrictions associated with changes to the configuration of the DBMS or database(s), this is a finding.

Vulnerability Number

V-206597

Documentable

False

Rule Version

SRG-APP-000380-DB-000360

Severity Override Guidance

Review DBMS vendor documentation with respect to its ability to enforce access restrictions associated with changes to the configuration of the DBMS or database(s).

If it is not able to do this, this is a finding.

Review the security configuration of the DBMS and database(s).

If it does not enforce access restrictions associated with changes to the configuration of the DBMS or database(s), this is a finding.

Check Content Reference

M

Target Key

2902

Comments