STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to the DBMS, etc.) must be restricted to authorized users.

DISA Rule

SV-206548r617447_rule

Vulnerability Number

V-206548

Group Title

SRG-APP-000133

Rule Version

SRG-APP-000133-DB-000362

Severity

CAT II

CCI(s)

CCI-001499 - The organization limits privileges to change software resident within software libraries.

Weight

Fix Recommendation

Revoke unauthorized memberships in the DBMS modification group(s)/role(s).

Check Contents

Identify the group(s)/role(s) established for DBMS modification.

Obtain the list of users in those group(s)/roles.

Identify the individuals authorized to modify the DBMS.

If unauthorized access to the group(s)/role(s) has been granted, this is a finding.

The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to the DBMS, etc.) must be restricted to authorized users.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments