STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide, Version: 1, Release: 16, Benchmark Date: 24 Jan 2020: Remote DBMS administration must be documented and authorized or disabled.

DISA Rule

SV-76013r3_rule

Vulnerability Number

V-61523

Group Title

SRG-APP-000516-DB-999900

Rule Version

O121-BP-026000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Disable remote administration of the DBMS where not required.

Where remote administration of the DBMS is required, develop, document and implement policy and procedures on its use.

Assign remote administration privileges to ISSO-authorized personnel only.

Document assignments in the System Security Plan.

Where remote administration is to be performed from outside the DoDIN, configure an approved VPN client for this purpose.

Check Contents

Review the System Security Plan for authorization, assignments and usage procedures for remote DBMS administration.

If remote administration of the DBMS is not documented or poorly documented, this is a finding.

If remote administration of the DBMS is not authorized and not disabled, this is a finding.

If remote administration is to be performed from outside the DoDIN, but is not done via an approved and properly configured VPN, this is a finding.

Documentable

False

Severity Override Guidance

Review the System Security Plan for authorization, assignments and usage procedures for remote DBMS administration.

If remote administration of the DBMS is not documented or poorly documented, this is a finding.

If remote administration of the DBMS is not authorized and not disabled, this is a finding.

If remote administration is to be performed from outside the DoDIN, but is not done via an approved and properly configured VPN, this is a finding.

Check Content Reference

M

Target Key

2679

Comments