STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017

The database should not be directly accessible from public or unauthorized networks.

DISA Rule

SV-24449r1_rule

Vulnerability Number

V-15122

Group Title

DBMS network perimeter protection

Rule Version

DG0186-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Do not allow direct connections from users originating from the Internet or other public network to the DBMS.

Include in the System Security Plan for the system whether the DBMS serves public-facing applications or applications serving users from other untrusted networks.

Do not store sensitive or classified data on a DBMS server that serves public-facing applications.

Check Contents

Review the System Security Plan to determine if the DBMS serves data to users or applications outside the local enclave.

If the DBMS is not accessed outside of the local enclave, this check is Not a Finding.

If the DBMS serves applications available from a public network (e.g. the Internet), then confirm that the application servers are located in a DMZ.

If the DBMS is located inside the local enclave and is directly accessible to public users, this is a Finding.

If the DBMS serves public-facing applications and is not protected from direct client connections and unauthorized networks, this is a Finding.

If the DBMS serves public-facing applications and contains sensitive or classified information, this is a Finding.

Documentable

False

Severity Override Guidance

Review the System Security Plan to determine if the DBMS serves data to users or applications outside the local enclave.

If the DBMS is not accessed outside of the local enclave, this check is Not a Finding.

If the DBMS serves applications available from a public network (e.g. the Internet), then confirm that the application servers are located in a DMZ.

If the DBMS is located inside the local enclave and is directly accessible to public users, this is a Finding.

If the DBMS serves public-facing applications and is not protected from direct client connections and unauthorized networks, this is a Finding.

If the DBMS serves public-facing applications and contains sensitive or classified information, this is a Finding.

Check Content Reference

I

Responsibility

Information Assurance Officer

Target Key

1368

Comments