STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Audit records should include the reason for blacklisting or disabling DBMS connections or accounts.

DISA Rule

SV-24976r1_rule

Vulnerability Number

V-15647

Group Title

DBMS connection block audit

Rule Version

DG0146-ORACLE11

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Determine and implement audit settings that will collect and store the cause of any DBMS account or connection lock or disabling actions taken by the DBMS.

Check Contents

Review audit settings for disabling or locking account events based on event failures.

If the settings are not configured to include the cause of the lock or disabling, this is a Finding.

Vulnerability Number

V-15647

Documentable

False

Rule Version

DG0146-ORACLE11

Severity Override Guidance

Review audit settings for disabling or locking account events based on event failures.

If the settings are not configured to include the cause of the lock or disabling, this is a Finding.

Audit records should include the reason for blacklisting or disabling DBMS connections or accounts.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments