STIGQter STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The DBMS must automatically terminate emergency accounts after an organization-defined time period for each type of account.

DISA Rule

SV-237741r667255_rule

Vulnerability Number

V-237741

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-C2-018600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create a profile specifically for emergency or temporary accounts. When creating the accounts, assign them to this profile. Configure DBMS, OS, and/or enterprise-level authentication/access mechanisms, or implement custom code, to terminate accounts with this profile after an organization-defined time period.

Check Contents

If the organization has a policy, consistently enforced, forbidding the creation of emergency or temporary accounts, this is not a finding.

Check DBMS settings, OS settings, and/or enterprise-level authentication/access mechanisms settings to determine if emergency accounts are being automatically terminated by the system after an organization-defined time period. Check also for custom code (scheduled jobs, procedures, triggers, etc.) for achieving this.

If emergency accounts are not being terminated after an organization-defined time period, this is a finding.

Vulnerability Number

V-237741

Documentable

False

Rule Version

O121-C2-018600

Severity Override Guidance

If the organization has a policy, consistently enforced, forbidding the creation of emergency or temporary accounts, this is not a finding.

Check DBMS settings, OS settings, and/or enterprise-level authentication/access mechanisms settings to determine if emergency accounts are being automatically terminated by the system after an organization-defined time period. Check also for custom code (scheduled jobs, procedures, triggers, etc.) for achieving this.

If emergency accounts are not being terminated after an organization-defined time period, this is a finding.

Check Content Reference

M

Target Key

4059

Comments