STIGQter: STIG Summary: Oracle Database 11g Instance STIG, Version: 8, Release: 20, Benchmark Date: 28 Jul 2017

Each database user, application or process should have an individually assigned account.

DISA Rule

SV-24663r1_rule

Vulnerability Number

V-15613

Group Title

DBMS individual accounts

Rule Version

DG0078-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create individual accounts for each user, application, or other process that requires a database connection.

Document any accounts that are shared where separation is not supported by the application or for maintenance support.

Design, develop and implement a method to log use of any account to which more than one person has access.

Restrict interactive access to shared accounts to the fewest persons possible.

Check Contents

Review DBMS account names against the list of authorized DBMS accounts in the System Security Plan.

If any accounts indicate use by multiple persons that are not mapped to a specific person, this is a Finding.

If any applications or processes share an account that could be assigned an individual account or are not specified as requiring a shared account, this is a Finding.

Note: Privileged installation accounts may be required to be accessed by DBA or other administrators for system maintenance. In these cases, each use of the account must be logged in some manner to assign accountability for any actions taken during the use of the account.
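One way to run this check from SQL, as an added example that is not part of the STIG text. It assumes session auditing is enabled so that the standard DBA_AUDIT_SESSION view is populated; the table ssp_authorized_accounts, its columns, and the 90-day window are hypothetical stand-ins for the account list in the System Security Plan.

```sql
-- Hypothetical table holding the authorized account list from the System
-- Security Plan (not an Oracle object; name and columns are assumptions).
CREATE TABLE ssp_authorized_accounts (
  username       VARCHAR2(30) PRIMARY KEY,
  assigned_to    VARCHAR2(100),            -- person, application or process
  shared_allowed CHAR(1) DEFAULT 'N'       -- 'Y' if documented as shared in the SSP
);

-- 1. Accounts that exist in the database but are not listed in the SSP.
SELECT u.username, u.account_status, u.created
FROM   dba_users u
WHERE  NOT EXISTS (SELECT 1
                   FROM   ssp_authorized_accounts a
                   WHERE  a.username = u.username)
ORDER  BY u.username;

-- 2. Accounts with successful logons from more than one OS user in the
--    last 90 days that the SSP does not document as shared. Each row is a
--    candidate for review, not proof of sharing.
SELECT s.username,
       COUNT(DISTINCT s.os_username) AS os_users,
       COUNT(DISTINCT s.userhost)    AS hosts
FROM   dba_audit_session s
       LEFT JOIN ssp_authorized_accounts a
              ON a.username = s.username
WHERE  s.action_name = 'LOGON'
AND    s.returncode  = 0
AND    s.timestamp  >= SYSDATE - 90
AND    NVL(a.shared_allowed, 'N') <> 'Y'
GROUP  BY s.username
HAVING COUNT(DISTINCT s.os_username) > 1
ORDER  BY os_users DESC;

-- 3. Per-use record for accounts documented as shared, to support the
--    accountability requirement in the note above.
SELECT s.username, s.os_username, s.userhost, s.timestamp, s.logoff_time
FROM   dba_audit_session s
       JOIN ssp_authorized_accounts a
         ON a.username = s.username
WHERE  a.shared_allowed = 'Y'
AND    s.action_name = 'LOGON'
ORDER  BY s.username, s.timestamp;
```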

Documentable

False

Severity Override Guidance

Review DBMS account names against the list of authorized DBMS accounts in the System Security Plan.

If any accounts indicate use by multiple persons that are not mapped to a specific person, this is a Finding.

If any applications or processes share an account that could be assigned an individual account or are not specified as requiring a shared account, this is a Finding.

Note: Privileged installation accounts may be required to be accessed by DBA or other administrators for system maintenance. In these cases, each use of the account must be logged in some manner to assign accountability for any actions taken during the use of the account.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367