STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

DBA roles assignments should be assigned and authorized by the IAO.

DISA Rule

SV-24979r1_rule

Vulnerability Number

V-15149

Group Title

DBMS DBA roles assignment approval

Rule Version

DG0153-ORACLE11

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop, document and implement procedures to ensure all DBA role assignments are authorized and assigned by the IAO.

Include methods that provide evidence of approval in the procedures.

Check Contents

Review the documented procedures for approval and granting of DBA privileges.

Review implementation evidence for the procedures.

If procedures do not exist or evidence that they are followed does not exist, this is a Finding.

Vulnerability Number

V-15149

Documentable

False

Rule Version

DG0153-ORACLE11

Severity Override Guidance

Review the documented procedures for approval and granting of DBA privileges.

Review implementation evidence for the procedures.

If procedures do not exist or evidence that they are followed does not exist, this is a Finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1367

Comments