STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

OS accounts used to execute external procedures should be assigned minimum privileges.

DISA Rule

SV-25054r1_rule

Vulnerability Number

V-15620

Group Title

DBMS external procedure OS account privileges

Rule Version

DG0101-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure OS accounts used by DBMS external procedures to have the minimum privileges necessary for operation.

Document DBMS external procedures and OS privileges need to execute the procedures in the System Security Plan.

Check Contents

Determine which OS accounts external DBMS executables are run.

Review the privileges assigned to these accounts and compare them to the System Security Plan and the function of the applications.

If assigned privileges exceed those necessary to operate as designed or the privileges do not match the list of required privileges for the application in the System Security Plan, this is a Finding.

Vulnerability Number

V-15620

Documentable

False

Rule Version

DG0101-ORACLE11

Severity Override Guidance

Determine which OS accounts external DBMS executables are run.

Review the privileges assigned to these accounts and compare them to the System Security Plan and the function of the applications.

If assigned privileges exceed those necessary to operate as designed or the privileges do not match the list of required privileges for the application in the System Security Plan, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1368

Comments