STIGQter STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019: When using command-line tools such as db2, users must use a Connect method that does not expose the password.

DISA Rule

SV-89165r1_rule

Vulnerability Number

V-74491

Group Title

SRG-APP-000178-DB-000083

Rule Version

DB2X-00-004520

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

For the "db2" command, which cannot be configured not to accept a plain-text password, and any other essential tool with the same limitation:
1) Document the need for it, who uses it, and any relevant mitigations, and obtain AO approval.
2) Train all users of the tool in the importance of not using the plain-text password option and in how to keep the password hidden.

Check Contents

For the "db2" command, which cannot be configured not to accept a plain-text password, and any other essential tool with the same limitation, verify that the system documentation explains the need for the tool, who uses it, and any relevant mitigations; and that AO approval has been obtained; if not, this is a finding.

Request evidence that all users of the tool are trained in the importance of not using the plain-text password option and in how to keep the password hidden; and that they adhere to this practice. If not, this is a finding.

Vulnerability Number

V-74491

Documentable

False

Rule Version

DB2X-00-004520

Severity Override Guidance

For the "db2" command, which cannot be configured not to accept a plain-text password, and any other essential tool with the same limitation, verify that the system documentation explains the need for the tool, who uses it, and any relevant mitigations; and that AO approval has been obtained; if not, this is a finding.

Request evidence that all users of the tool are trained in the importance of not using the plain-text password option and in how to keep the password hidden; and that they adhere to this practice. If not, this is a finding.

Check Content Reference

M

Target Key

3161

Comments