STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 1 Release: 16 Benchmark Date: 24 Jan 2020: The ISSM must review changes to DBA role assignments.

DISA Rule

SV-75987r1_rule

Vulnerability Number

V-61497

Group Title

SRG-APP-000516-DB-999900

Rule Version

O121-BP-024600

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop, document and implement procedures to monitor changes to DBA role assignments.

Develop, document and implement procedures to notify the ISSM of changes to DBA role assignments.

Include in the procedures methods that provide evidence of monitoring and notification.

Check Contents

Review policy and procedures documented or noted in the System Security Plan as well as evidence of implementation for monitoring changes to DBA role assignments and procedures for notifying the ISSM of the changes for review.

If policy, procedures or implementation evidence do not exist, this is a finding.

Vulnerability Number

V-61497

Documentable

False

Rule Version

O121-BP-024600

Severity Override Guidance

Review policy and procedures documented or noted in the System Security Plan as well as evidence of implementation for monitoring changes to DBA role assignments and procedures for notifying the ISSM of the changes for review.

If policy, procedures or implementation evidence do not exist, this is a finding.

Check Content Reference

M

Target Key

2679

Comments