STIGQter STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Access to DBMS security data should be audited.

DISA Rule

SV-24432r1_rule

Vulnerability Number

V-15643

Group Title

DBMS security data access

Rule Version

DG0140-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Determine all locations for storage of DBMS security and configuration data. Enable auditing for access to any security data. If auditing results in an unacceptable adverse impact on application operation, reduce the amount of auditing to a reasonable and acceptable level. Document any incomplete audit with acceptance of the risk of incomplete audit in the System Security Plan.

Check Contents

Determine the locations of DBMS audit, configuration, credential and other security data. Review audit settings for these files or data objects.

If access to the security data is not audited, this is a Finding.

If no access is audited, consider the operational impact and appropriateness for access that is not audited.

If the risk for incomplete auditing of the security files is reasonable and documented in the System Security Plan, then do not include this as a Finding.

Vulnerability Number

V-15643

Documentable

False

Rule Version

DG0140-ORACLE11

Severity Override Guidance

Determine the locations of DBMS audit, configuration, credential and other security data. Review audit settings for these files or data objects.

If access to the security data is not audited, this is a Finding.

If no access is audited, consider the operational impact and appropriateness for access that is not audited.

If the risk for incomplete auditing of the security files is reasonable and documented in the System Security Plan, then do not include this as a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1368

Comments