STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Oracle SQL92_SECURITY parameter must be set to TRUE.

DISA Rule

SV-219704r401224_rule

Vulnerability Number

V-219704

Group Title

SRG-APP-000516-DB-000363

Rule Version

O112-BP-022100

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Enable SQL92 security.

From SQL*Plus:

alter system set sql92_security = TRUE scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.

Check Contents

From SQL*Plus:

select value from v$parameter where name = 'sql92_security';

If the value returned is set to FALSE, this is a Finding.

If the parameter is set to TRUE or does not exist, this is Not a Finding.

Vulnerability Number

V-219704

Documentable

False

Rule Version

O112-BP-022100

Severity Override Guidance

From SQL*Plus:

select value from v$parameter where name = 'sql92_security';

If the value returned is set to FALSE, this is a Finding.

If the parameter is set to TRUE or does not exist, this is Not a Finding.

Check Content Reference

M

Target Key

4057

Comments