STIGQter STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The DBMS must isolate security functions from nonsecurity functions by means of separate security domains.

DISA Rule

SV-220298r397747_rule

Vulnerability Number

V-220298

Group Title

SRG-APP-000233-DB-000124

Rule Version

O121-C2-018500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Locate security-related database objects and code in a separate database, schema, or other separate security domain from database objects and code implementing application logic. (This is the default behavior for Oracle.) Review any site-specific applications security modules built into the database: determine what schema they are located in and take appropriate action.

Check Contents

Check DBMS settings to determine whether objects or code implementing security functionality are located in a separate security domain, such as a separate database or schema created specifically for security functionality.

If security-related database objects or code are not kept separate, this is a finding.

The Oracle elements of security functionality, such as the roles, permissions, and profiles, along with password complexity requirements, are stored in separate schemas in the database. Review any site-specific applications security modules built into the database and determine what schema they are located in and take appropriate action. The Oracle objects will be in the Oracle Data Dictionary.

Vulnerability Number

V-220298

Documentable

False

Rule Version

O121-C2-018500

Severity Override Guidance

Check DBMS settings to determine whether objects or code implementing security functionality are located in a separate security domain, such as a separate database or schema created specifically for security functionality.

If security-related database objects or code are not kept separate, this is a finding.

The Oracle elements of security functionality, such as the roles, permissions, and profiles, along with password complexity requirements, are stored in separate schemas in the database. Review any site-specific applications security modules built into the database and determine what schema they are located in and take appropriate action. The Oracle objects will be in the Oracle Data Dictionary.

Check Content Reference

M

Target Key

4059

Comments