STIGQter STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must require users to re-authenticate when organization-defined circumstances or situations require re-authentication.

DISA Rule

SV-206600r617447_rule

Vulnerability Number

V-206600

Group Title

SRG-APP-000389

Rule Version

SRG-APP-000389-DB-000372

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Modify and/or configure the DBMS and related applications and tools so that users are always required to re-authenticate when changing role or escalating privileges.

Modify and/or configure the DBMS and related applications and tools so that users are always required to re-authenticate when the specified cases needing reauthorization occur.

Check Contents

Review the system documentation and the configuration of the DBMS and related applications and tools.

If there are any circumstances under which a user is not required to re-authenticate when changing role or escalating privileges, this is a finding.

If the information owner has identified additional cases where re-authentication is needed, but there are circumstances where the system does not ask the user to re-authenticate when those cases occur, this is a finding.

Vulnerability Number

V-206600

Documentable

False

Rule Version

SRG-APP-000389-DB-000372

Severity Override Guidance

Review the system documentation and the configuration of the DBMS and related applications and tools.

If there are any circumstances under which a user is not required to re-authenticate when changing role or escalating privileges, this is a finding.

If the information owner has identified additional cases where re-authentication is needed, but there are circumstances where the system does not ask the user to re-authenticate when those cases occur, this is a finding.

Check Content Reference

M

Target Key

2902

Comments