STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

A baseline of database application software should be documented and maintained.

DISA Rule

SV-24610r1_rule

Vulnerability Number

V-3806

Group Title

DBMS software and configuration baseline

Rule Version

DG0021-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop, document and implement DBMS software baseline procedures that include all DBMS software files and directories under the ORACLE_BASE and ORACLE_HOME environment variables and any custom and platform-specific directories.

Generate a list of files, directories and details for the DBMS software configuration baseline.

Update the configuration baseline after new installations, upgrades/updates or maintenance activities that include changes to the baseline software.

Check Contents

Review DBMS software baseline procedures and implementation evidence.

Review the list of files, directories and details included in the current baseline for completeness.

If DBMS software configuration baseline procedures do not exist, evidence of implementation does not exist, or baseline is not documented and current, this is a Finding.

Vulnerability Number

V-3806

Documentable

False

Rule Version

DG0021-ORACLE11

Severity Override Guidance

Review DBMS software baseline procedures and implementation evidence.

Review the list of files, directories and details included in the current baseline for completeness.

If DBMS software configuration baseline procedures do not exist, evidence of implementation does not exist, or baseline is not documented and current, this is a Finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1368

Comments