STIGQter STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Access grants to sensitive data should be restricted to authorized user roles.

DISA Rule

SV-24798r1_rule

Vulnerability Number

V-15642

Group Title

DBMS access to sensitive data

Rule Version

DG0138-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Define, document and implement all sensitive data access controls based on job function in the System Security Plan.

Check Contents

If no data is identified as being sensitive or classified by the Information Owner, in the System Security Plan or in the AIS Functional Architecture documentation, this check is Not a Finding.

if no identified sensitive or classified data requires encryption by the Information Owner in the System Security Plan and/or AIS Functional Architecture documentation, this check is Not a Finding.

Review data access requirements for sensitive data as identified and assigned by the Information Owner in the System Security Plan.

Review the access controls for sensitive data configured in the database.

If the configured access controls do not match those defined in the System Security Plan, this is a Finding.

Vulnerability Number

V-15642

Documentable

False

Rule Version

DG0138-ORACLE11

Severity Override Guidance

If no data is identified as being sensitive or classified by the Information Owner, in the System Security Plan or in the AIS Functional Architecture documentation, this check is Not a Finding.

if no identified sensitive or classified data requires encryption by the Information Owner in the System Security Plan and/or AIS Functional Architecture documentation, this check is Not a Finding.

Review data access requirements for sensitive data as identified and assigned by the Information Owner in the System Security Plan.

Review the access controls for sensitive data configured in the database.

If the configured access controls do not match those defined in the System Security Plan, this is a Finding.

Check Content Reference

I

Responsibility

Database Administrator

Target Key

1367

Comments