STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

DBMS backup and restoration files must be protected from unauthorized access.

DISA Rule

SV-237722r667198_rule

Vulnerability Number

V-237722

Group Title

SRG-APP-000243-DB-000374

Rule Version

O121-C2-012500

Severity

CAT II

CCI(s)

• CCI-001090 - The information system prevents unauthorized and unintended information transfer via shared system resources.

Weight

10

Fix Recommendation

Implement protection for backup and restoration files. Document personnel and the level of access authorized for each to the backup and restoration files in the system documentation.

Check Contents

Review file protections assigned to online backup and restoration files. Review access protections and procedures for off-line backup and restoration files.

If backup or restoration files are subject to unauthorized access, this is a finding.

It may be necessary to review backup and restoration procedures to determine ownership and access during all phases of backup and recovery.

Vulnerability Number

V-237722

Documentable

False

Rule Version

O121-C2-012500

Severity Override Guidance

Review file protections assigned to online backup and restoration files. Review access protections and procedures for off-line backup and restoration files.

If backup or restoration files are subject to unauthorized access, this is a finding.

It may be necessary to review backup and restoration procedures to determine ownership and access during all phases of backup and recovery.

Check Content Reference

M

Target Key

4059

Comments