STIGQter: STIG Summary: Oracle Database 11g Instance STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Transaction logs should be periodically reviewed for unauthorized modification of data.

DISA Rule

SV-28970r1_rule

Vulnerability Number

V-15133

Group Title

DBMS audit of changes to data

Rule Version

DG0031-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure database data auditing to comply with the requirements of the application.

Document auditing requirements in the System Security Plan.

Check Contents

If the application does not require auditing using DBMS features, this check is Not Applicable.

Review the application System Security Plan for requirements for database configuration for auditing changes to application data.

If the application requires DBMS auditing for changes to data, review the database audit configuration against the application requirement. If the auditing does not comply with the requirement, this is a Finding.

Vulnerability Number

V-15133

Documentable

False

Rule Version

DG0031-ORACLE11

Severity Override Guidance

If the application does not require auditing using DBMS features, this check is Not Applicable.

Review the application System Security Plan for requirements for database configuration for auditing changes to application data.

If the application requires DBMS auditing for changes to data, review the database audit configuration against the application requirement. If the auditing does not comply with the requirement, this is a Finding.

Check Content Reference

I

Responsibility

Database Administrator

Target Key

1367

Comments