STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide, Version: 1, Release: 17, Benchmark Date: 24 Jan 2020: DBMS default accounts must be protected from misuse.

DISA Rule

SV-66621r1_rule

Vulnerability Number

V-52405

Group Title

SRG-APP-000063-DB-000023

Rule Version

O112-N2-004701

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure that all individuals with DBA responsibilities always log in under their individual administrative accounts.

Ensure that the passwords for essential system accounts such as SYS are available only to authorized administrators, and tightly guarded to avoid misuse. Ensure that these accounts are kept locked except when it is specifically necessary to use them.

Check Contents

Review the use of the essential system accounts with the DBA(s). Request evidence that administrators have individual administrative accounts, and that they use these rather than SYS, SYSTEM, SYSMAN, etc., in carrying out their duties.

If the evidence indicates otherwise, this is a finding.

Review the status of the essential system accounts, in the view DBA_USERS. If any of these accounts is not locked, this is a finding.
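
One way to carry out the DBA_USERS review described above, as an added example that is not part of the STIG text. The account list holds only the three accounts the check names (SYS, SYSTEM, SYSMAN), and treating a timed lock as needing review is an assumption of this example, not a statement in the rule.

```sql
-- Added example: review the lock status of essential system accounts.
-- The IN list holds only the accounts named in the check text; extend it
-- with the site's documented list of essential system accounts.
SELECT username,
       account_status,
       lock_date,
       expiry_date,
       CASE
         -- LOCKED(TIMED) results from failed logins and clears by itself
         -- once the profile's PASSWORD_LOCK_TIME elapses, so it is flagged
         -- separately from an administrative lock (assumption of this example).
         WHEN account_status LIKE '%LOCKED(TIMED)%' THEN 'REVIEW: timed lock only'
         WHEN account_status LIKE '%LOCKED%'        THEN 'OK: locked'
         ELSE 'FINDING: not locked'
       END AS review_result
FROM   dba_users
WHERE  username IN ('SYS', 'SYSTEM', 'SYSMAN')
ORDER  BY review_result, username;

-- Fix side: re-lock an account once a specifically necessary use has ended.
-- SYSTEM is used here only as a sample account name.
ALTER USER system ACCOUNT LOCK;
```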

Documentable

False

Severity Override Guidance

Review the use of the essential system accounts with the DBA(s). Request evidence that administrators have individual administrative accounts, and that they use these rather than SYS, SYSTEM, SYSMAN, etc., in carrying out their duties.

If the evidence indicates otherwise, this is a finding.

Review the status of the essential system accounts, in the view DBA_USERS. If any of these accounts is not locked, this is a finding.

Check Content Reference

M

Target Key

2669
