STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017: STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:SV-24442r2_rule
V-15657
DBMS classification level audit
DG0172-ORACLE11
CAT II
10
Define the policy for auditing changes to security labels defined for the data.
Document the audit requirements in the System Security Plan and configure database auditing in accordance with the policy.
If no data is identified as being sensitive or classified by the Information Owner, in the System Security Plan or in the AIS Functional Architecture documentation, this is not a finding.
If security labeling is not required, this is not a finding.
If no sensitive or classified data is identified by the Information Owner as requiring labeling in the System Security Plan and/or AIS Functional Architecture documentation, this is not a finding.
Run the SQL statement:
select * from dba_sa_audit_options;
If no records are returned or if output from the SQL statement above does not show classification labels being audited as required in the System Security Plan, this is a finding.
V-15657
False
DG0172-ORACLE11
If no data is identified as being sensitive or classified by the Information Owner, in the System Security Plan or in the AIS Functional Architecture documentation, this is not a finding.
If security labeling is not required, this is not a finding.
If no sensitive or classified data is identified by the Information Owner as requiring labeling in the System Security Plan and/or AIS Functional Architecture documentation, this is not a finding.
Run the SQL statement:
select * from dba_sa_audit_options;
If no records are returned or if output from the SQL statement above does not show classification labels being audited as required in the System Security Plan, this is a finding.
M
Database Administrator
1367