STIGQter STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017: The IDLE_TIME profile parameter should be set for Oracle profiles IAW DoD policy.

DISA Rule

SV-24564r2_rule

Vulnerability Number

V-2552

Group Title

Oracle IDLE_TIME profile parameter

Rule Version

DO3536-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Modify profiles to meet the idle time requirement.

From SQL*Plus:

alter profile default limit idle_time 15;
alter profile [profile name] limit idle_time [IAO-approved value];

Authorize and document any profiles that require idle times greater than 15 minutes in the System Security Plan.

Check Contents

From SQL*Plus:

select profile, limit from DBA_PROFILES
where profile = ’DEFAULT’
and resource_name = ’IDLE_TIME’;

select profile, limit from DBA_PROFILES
where profile <> ’DEFAULT’
and resource_name = ’IDLE_TIME’;

If the idle time on the DEFAULT profile is greater than 15 minutes, this is a Finding.

If any non-default profiles have an idle time setting greater than 60 minutes or are set to an UNLIMITED value and not documented in the System Security Plan or not authorized by the IAO, this is a Finding.

Vulnerability Number

V-2552

Documentable

False

Rule Version

DO3536-ORACLE11

Severity Override Guidance

From SQL*Plus:

select profile, limit from DBA_PROFILES
where profile = ’DEFAULT’
and resource_name = ’IDLE_TIME’;

select profile, limit from DBA_PROFILES
where profile <> ’DEFAULT’
and resource_name = ’IDLE_TIME’;

If the idle time on the DEFAULT profile is greater than 15 minutes, this is a Finding.

If any non-default profiles have an idle time setting greater than 60 minutes or are set to an UNLIMITED value and not documented in the System Security Plan or not authorized by the IAO, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367

Comments