STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Credentials stored and used by the DBMS to access remote databases or applications should be authorized and restricted to authorized users.

DISA Rule

SV-25082r1_rule

Vulnerability Number

V-15154

Group Title

DBMS remote system credential use and access

Rule Version

DG0190-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Grant access to database links to authorized users or applications only.

Document all database links access authorizations in the System Security Plan.

Check Contents

Review the list of defined database links generated from the DBMS.

Compare to the list in the System Security Plan with the DBA.

If no database links are listed in the database and in the System Security Plan, this check is Not a Finding.

If any database links are defined in the DBMS, verify the authorization for the definition in the System Security Plan.

If any database links exist that are not authorized or not listed in the System Security Plan, this is a Finding.

Vulnerability Number

V-15154

Documentable

False

Rule Version

DG0190-ORACLE11

Severity Override Guidance

Review the list of defined database links generated from the DBMS.

Compare to the list in the System Security Plan with the DBA.

If no database links are listed in the database and in the System Security Plan, this check is Not a Finding.

If any database links are defined in the DBMS, verify the authorization for the definition in the System Security Plan.

If any database links exist that are not authorized or not listed in the System Security Plan, this is a Finding.

Check Content Reference

I

Responsibility

Database Administrator

Target Key

1367

Comments