STIGQter STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017: DBMS tools or applications that echo or require a password entry in clear text should be protected from password display.

DISA Rule

SV-24643r1_rule

Vulnerability Number

V-3813

Group Title

DBMS application password display

Rule Version

DG0068-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Review policy and instructions included or noted in the System Security Plan used to inform users and administrators not to enter database passwords at the command line.

Review documented and implemented procedures used to monitor the DBMS system for such activity.

If policy or instructions do not exist, proof of users and administrators being briefed does not exist or monitoring for compliance is not being performed to dissuade the practice of entering database passwords on the command line, this is a Finding.

Check Contents

Review policy and instructions included or noted in the System Security Plan used to inform users and administrators not to enter database passwords at the command line.

Review documented and implemented procedures used to monitor the DBMS system for such activity.

If policy or instructions do not exist, proof of users and administrators being briefed does not exist or monitoring for compliance is not being performed to dissuade the practice of entering database passwords on the command line, this is a Finding.

Vulnerability Number

V-3813

Documentable

False

Rule Version

DG0068-ORACLE11

Severity Override Guidance

Review policy and instructions included or noted in the System Security Plan used to inform users and administrators not to enter database passwords at the command line.

Review documented and implemented procedures used to monitor the DBMS system for such activity.

If policy or instructions do not exist, proof of users and administrators being briefed does not exist or monitoring for compliance is not being performed to dissuade the practice of entering database passwords on the command line, this is a Finding.

Check Content Reference

I

Responsibility

Database Administrator

Target Key

1368

Comments