STIGQter: STIG Summary: Oracle Database 11g Installation STIG, Version: 8, Release: 20, Benchmark Date: 28 Jul 2017

The DBMS should have configured all applicable settings to use trusted files, functions, features, or other components during startup, shutdown, aborts, or other unplanned interruptions.

DISA Rule

SV-25385r1_rule

Vulnerability Number

V-15649

Group Title

DBMS System State Changes

Rule Version

DG0155-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure DBMS system initialization, shutdown, and aborts to ensure that the DBMS system remains in a secure state.

For applicable DBMS systems as listed in the check, periodically test the configuration to ensure DBMS system state integrity.

Where DBMS system state integrity is not supported by the DBMS vendor, obtain and apply mitigation strategies to bring risk to a DAA-acceptable level.

Check Contents

Ask the DBA and/or IAO to demonstrate that the DBMS system initialization, shutdown, and aborts are configured to ensure that the DBMS system remains in a secure state.

If the DBA and/or IAO has documented proof from the DBMS vendor demonstrating that the DBMS does not support this either natively or programmatically, this check is a Finding, but can be downgraded to a CAT 3 severity.

If the DBMS does support this either natively or programmatically and the configuration does not meet the requirements listed above, this is a Finding.

For all MAC 1, all MAC 2 and Classified MAC 3 systems where the DBMS supports the requirements, review documented procedures and evidence of periodic testing to ensure DBMS system state integrity.

If documented procedures do not exist or no evidence of implementation is provided, this is a Finding.

Documentable

False

Severity Override Guidance

Ask the DBA and/or IAO to demonstrate that the DBMS system initialization, shutdown, and aborts are configured to ensure that the DBMS system remains in a secure state.

If the DBA and/or IAO has documented proof from the DBMS vendor demonstrating that the DBMS does not support this either natively or programmatically, this check is a Finding, but can be downgraded to a CAT 3 severity.

If the DBMS does support this either natively or programmatically and the configuration does not meet the requirements listed above, this is a Finding.

For all MAC 1, all MAC 2 and Classified MAC 3 systems where the DBMS supports the requirements, review documented procedures and evidence of periodic testing to ensure DBMS system state integrity.

If documented procedures do not exist or no evidence of implementation is provided, this is a Finding.

Check Content Reference

I

Responsibility

Database Administrator

Target Key

1368

Comments