STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017: STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:SV-24630r1_rule
V-15611
DBMS software access audit review
DG0054-ORACLE11
CAT III
10
Document applications authorized to access the DBMS in the System Security Plan.
Develop, document and implement a process to review log and trace files or the results from any alternate methods used to support database access auditing to detect connections from unauthorized applications.
Include in this process a method to generate and provide evidence of monitoring.
This may include automated or manual processes acknowledged by the auditor or IAO.
If application access audit data is not available due to the lack of a local listener process or alternate method of auditing database access, this check is Not a Finding (see check DG0052).
Review the list of applications authorized to connect to the Oracle database as listed or noted in the System Security Plan.
If no list exists, this is a Finding.
Review evidence of audit log monitoring to detect use of unauthorized applications to access the database.
If no evidence exists or is incomplete, this is a Finding.
V-15611
False
DG0054-ORACLE11
If application access audit data is not available due to the lack of a local listener process or alternate method of auditing database access, this check is Not a Finding (see check DG0052).
Review the list of applications authorized to connect to the Oracle database as listed or noted in the System Security Plan.
If no list exists, this is a Finding.
Review evidence of audit log monitoring to detect use of unauthorized applications to access the database.
If no evidence exists or is incomplete, this is a Finding.
M
Information Assurance Officer
1368