STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Use of the DBMS software installation account must be restricted.

DISA Rule

SV-238480r667614_rule

Vulnerability Number

V-238480

Group Title

SRG-APP-000133-DB-000198

Rule Version

O112-OS-004600

Severity

CAT II

CCI(s)

• CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

10

Fix Recommendation

Restrict interactive use of the DBMS software installation account to DBMS software installation, upgrade, and maintenance actions only.

If possible, disable the installation accounts when authorized actions are not being performed. Otherwise, disable the use of the account(s) for interactive activity.

Check Contents

Review system documentation to identify the installation account.

Verify whether the account is used for anything involving interactive activity beyond DBMS software installation, upgrade, and maintenance actions.

If the account is used for anything involving interactive activity beyond DBMS software installation, upgrade, and maintenance actions, this is a finding.

Vulnerability Number

V-238480

Documentable

False

Rule Version

O112-OS-004600

Severity Override Guidance

Review system documentation to identify the installation account.

Verify whether the account is used for anything involving interactive activity beyond DBMS software installation, upgrade, and maintenance actions.

If the account is used for anything involving interactive activity beyond DBMS software installation, upgrade, and maintenance actions, this is a finding.

Check Content Reference

M

Target Key

4057

Comments