STIGQter STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 1 Release: 17 Benchmark Date: 24 Jan 2020: The DBMS must notify appropriate individuals when account disabling actions are taken.

DISA Rule

SV-66411r3_rule

Vulnerability Number

V-52195

Group Title

SRG-APP-000293-DB-000130

Rule Version

O112-C2-020600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Working with the DBA and site management, determine the appropriate individuals (by job role) to be notified.

If Oracle Audit Vault is available, configure it to notify the appropriate individuals when accounts are disabled.

If Oracle Audit Vault is not available, configure the Oracle DBMS's auditing feature to record account-disabling activity. Create and deploy a mechanism, such as a frequently-run job, to monitor the audit table or file for these records and notify the appropriate individuals.

Check Contents

Check DBMS settings to determine whether it will notify appropriate individuals when account disabling actions are taken. If the DBMS does not notify appropriate individuals when account disabling actions are taken, this is a finding.

Vulnerability Number

V-52195

Documentable

True

Rule Version

O112-C2-020600

Severity Override Guidance

Check DBMS settings to determine whether it will notify appropriate individuals when account disabling actions are taken. If the DBMS does not notify appropriate individuals when account disabling actions are taken, this is a finding.

Check Content Reference

M

Target Key

2669

Comments