STIGQter: STIG Summary: Database Security Requirements Guide Version: 2 Release: 9 Benchmark Date: 25 Oct 2019: The DBMS must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

DISA Rule

SV-72453r1_rule

Vulnerability Number

V-58023

Group Title

SRG-APP-000340-DB-000304

Rule Version

SRG-APP-000340-DB-000304

Severity

CAT II

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Configure DBMS security to protect all privileged functionality.

Check Contents

Review the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question.

Review the DBMS security configuration and/or other means used to protect privileged functionality from unauthorized use.

If the configuration does not protect all of the actions defined as privileged, this is a finding.

Vulnerability Number

V-58023

Documentable

False

Rule Version

SRG-APP-000340-DB-000304

Severity Override Guidance

Review the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question.

Review the DBMS security configuration and/or other means used to protect privileged functionality from unauthorized use.

If the configuration does not protect all of the actions defined as privileged, this is a finding.

Check Content Reference

M

Target Key

2219

Comments