STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Connections by mid-tier web and application systems to the Oracle DBMS from a DMZ or external network must be encrypted.

DISA Rule

SV-219841r533064_rule

Vulnerability Number

V-219841

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-BP-023000

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure communications between the DBMS and remote applications/application servers to use DoD-approved encryption.

Check Contents

Review the System Security Plan for remote applications that access and use the database.

For each remote application or application server, determine whether communications between it and the DBMS are encrypted. If any are not encrypted, this is a finding.

Vulnerability Number

V-219841

Documentable

False

Rule Version

O121-BP-023000

Severity Override Guidance

Review the System Security Plan for remote applications that access and use the database.

For each remote application or application server, determine whether communications between it and the DBMS are encrypted. If any are not encrypted, this is a finding.

Check Content Reference

M

Target Key

4059

Comments