STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:SV-206519r617447_rule
V-206519
SRG-APP-000001
SRG-APP-000001-DB-000031
CAT II
10
If the DBMS is capable of enforcing this restriction, but is not configured to do so, configure it to do so. (This may involve the development of one or more triggers.)
If it is not technically feasible for the DBMS to enforce this restriction, and the application(s) and supporting software are not configured to do so, configure them to do so.
If the value for any type of user account is not set, determine the correct value and set it.
If a value is set but is not equal to the value specified for the type of user, determine the correct value, set it, and update the documentation, as appropriate.
Determine whether the system documentation specifies limits on the number of concurrent DBMS sessions per account by type of user. If it does not, assume a limit of 10 for database administrators and 2 for all other users.
Review the concurrent-sessions settings in the DBMS and/or the applications using it, and/or the system software supporting it.
If the DBMS is capable of enforcing this restriction but is not configured to do so, this is a finding. This holds even if the restriction is enforced by applications or supporting software.
If it is not technically feasible for the DBMS to enforce this restriction, but the application(s) or supporting software are configured to do so, this is not a finding.
If it is not technically feasible for the DBMS to enforce this restriction, and applications and supporting software are not so configured, this is a finding.
If the value for any type of user account is not set, this is a finding.
If a value is set but is not equal to the value specified in the documentation (or the default value defined in this check) for the type of user, this is a finding.
V-206519
False
SRG-APP-000001-DB-000031
Determine whether the system documentation specifies limits on the number of concurrent DBMS sessions per account by type of user. If it does not, assume a limit of 10 for database administrators and 2 for all other users.
Review the concurrent-sessions settings in the DBMS and/or the applications using it, and/or the system software supporting it.
If the DBMS is capable of enforcing this restriction but is not configured to do so, this is a finding. This holds even if the restriction is enforced by applications or supporting software.
If it is not technically feasible for the DBMS to enforce this restriction, but the application(s) or supporting software are configured to do so, this is not a finding.
If it is not technically feasible for the DBMS to enforce this restriction, and applications and supporting software are not so configured, this is a finding.
If the value for any type of user account is not set, this is a finding.
If a value is set but is not equal to the value specified in the documentation (or the default value defined in this check) for the type of user, this is a finding.
M
2902