STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

A minimum of two Oracle control files should be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.

DISA Rule

SV-24887r1_rule

Vulnerability Number

V-2521

Group Title

Oracle control file availability

Rule Version

DO0260-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

To prevent loss of service during disk failure, multiple copies of Oracle control files should be maintained on separate disks in archived directories or on separate, archived directories within one or more RAID devices.

Adding or moving a control file requires careful planning and execution.

Please consult and follow the instructions for creating control files in the Oracle Database Administrator's Guide, under Steps for Creating New Control Files.

Check Contents

From SQL*Plus:

select name from v$controlfile;

DoD guidance recommends:

1. A minimum of two distinct control files for each Oracle Database Instance.
2a. Each control file is to be located on separate, archived physical storage devices

OR

2b. Each control file is to be located on separate, archived directories within one or more RAID devices

3. The Logical Paths for each control file should differ at the highest level supported by your configuration, for example:

UNIX
/ora03/app/oracle/{SID}/control/control01.ctl
/ora04/app/oracle/{SID}/control/control02.ctl

Windows
D:/oracle/{SID}/control/control01.ctl
E:/oracle/{SID}/control/control02.ctl

If this minimum listed above is not met, this is a Finding.

Consult with the SA or DBA to determine that the mount points or partitions referenced in the file paths indicate separate physical disks or directories on RAID devices.

NOTE: Distinct does not equal dedicated. You may share directory space with other Oracle database instances if present.

Vulnerability Number

V-2521

Documentable

False

Rule Version

DO0260-ORACLE11

Severity Override Guidance

From SQL*Plus:

select name from v$controlfile;

DoD guidance recommends:

1. A minimum of two distinct control files for each Oracle Database Instance.
2a. Each control file is to be located on separate, archived physical storage devices

OR

2b. Each control file is to be located on separate, archived directories within one or more RAID devices

3. The Logical Paths for each control file should differ at the highest level supported by your configuration, for example:

UNIX
/ora03/app/oracle/{SID}/control/control01.ctl
/ora04/app/oracle/{SID}/control/control02.ctl

Windows
D:/oracle/{SID}/control/control01.ctl
E:/oracle/{SID}/control/control02.ctl

If this minimum listed above is not met, this is a Finding.

Consult with the SA or DBA to determine that the mount points or partitions referenced in the file paths indicate separate physical disks or directories on RAID devices.

NOTE: Distinct does not equal dedicated. You may share directory space with other Oracle database instances if present.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367

Comments