STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Sensitive data should be labeled.

DISA Rule

SV-24393r2_rule

Vulnerability Number

V-15616

Group Title

DBMS sensitive data labeling

Rule Version

DG0087-ORACLE11

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop, document and implement label security requirements.

Install and configure label security in accordance with the System Security Plan.

Monitor and audit changes to the label security configuration.

Check Contents

If database does not contain sensitive data, this check is Not a Finding.

If Oracle Label Security is not installed and database contains sensitive data, this is a Finding.

From SQL*Plus:
select * from DBA_SA_USERS;

Compare results to the requirements for labeling as specified in the System Security Plan.

If label security is not configured as specified in the System Security Plan, this is a Finding.

Vulnerability Number

V-15616

Documentable

False

Rule Version

DG0087-ORACLE11

Severity Override Guidance

If database does not contain sensitive data, this check is Not a Finding.

If Oracle Label Security is not installed and database contains sensitive data, this is a Finding.

From SQL*Plus:
select * from DBA_SA_USERS;

Compare results to the requirements for labeling as specified in the System Security Plan.

If label security is not configured as specified in the System Security Plan, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367

Comments