STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The system must protect audit tools from unauthorized modification.

DISA Rule

SV-220281r395832_rule

Vulnerability Number

V-220281

Group Title

SRG-APP-000122-DB-000203

Rule Version

O121-C2-009700

Severity

CAT II

CCI(s)

• CCI-001494 - The information system protects audit tools from unauthorized modification.

Weight

10

Fix Recommendation

Add or modify access controls and permissions to tools used to view or modify audit log data. Tools must be modifiable by authorized personnel only.

Check Contents

Review access permissions to tools used to view or modify audit log data. These tools may include the DBMS itself or tools external to the database.

If appropriate permissions and access controls are not applied to prevent unauthorized modification of these tools, this is a finding.

Vulnerability Number

V-220281

Documentable

False

Rule Version

O121-C2-009700

Severity Override Guidance

Review access permissions to tools used to view or modify audit log data. These tools may include the DBMS itself or tools external to the database.

If appropriate permissions and access controls are not applied to prevent unauthorized modification of these tools, this is a finding.

Check Content Reference

M

Target Key

4059

Comments