STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The DBMS should not share a host supporting an independent security service.

DISA Rule

SV-24717r1_rule

Vulnerability Number

V-15179

Group Title

DBMS host shared with a security service

Rule Version

DG0110-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Either move the DBMS installation to a dedicated host system or move the directory or security services to another host system.

A dedicated host system in this case refers to an instance of the operating system at a minimum.

The operating system may reside on a virtual host machine where supported by the DBMS vendor.

Check Contents

Review the services and processes active on the DBMS host system.

If the host system is a Windows domain controller, this is a Finding.

If the host system is supporting any other security or directory services that do not use the DBMS to store information, this is a Finding.

NOTE: This does not include client security applications like firewall and antivirus software.

Vulnerability Number

V-15179

Documentable

False

Rule Version

DG0110-ORACLE11

Severity Override Guidance

Review the services and processes active on the DBMS host system.

If the host system is a Windows domain controller, this is a Finding.

If the host system is supporting any other security or directory services that do not use the DBMS to store information, this is a Finding.

NOTE: This does not include client security applications like firewall and antivirus software.

Check Content Reference

I

Responsibility

Information Assurance Officer

Target Key

1368

Comments