STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable.

DISA Rule

SV-30742r1_rule

Vulnerability Number

V-6767

Group Title

DBMS security compliance

Rule Version

DG0007-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Apply available security guidance to the DBMS system.

If DoD security guidance is not available, the following are acceptable in descending order as available:
(1) Commercially accepted practices (e.g., SANS);
(2) Independent testing results (e.g., ICSA); or
(3) Vendor literature

Check Contents

Review security and administration documentation maintained for the DBMS system for indications that security guidance has been applied to the DBMS system.

If DoD security guidance is not available, the following are acceptable in descending order as available:
(1) Commercially accepted practices (e.g., SANS);
(2) Independent testing results (e.g., ICSA); or
(3) Vendor literature

If the DBMS system has not been secured using available security guidance as listed above, this is a Finding.

Vulnerability Number

V-6767

Documentable

False

Rule Version

DG0007-ORACLE11

Severity Override Guidance

Review security and administration documentation maintained for the DBMS system for indications that security guidance has been applied to the DBMS system.

If DoD security guidance is not available, the following are acceptable in descending order as available:
(1) Commercially accepted practices (e.g., SANS);
(2) Independent testing results (e.g., ICSA); or
(3) Vendor literature

If the DBMS system has not been secured using available security guidance as listed above, this is a Finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1368

Comments