STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.

DISA Rule

SV-206585r617447_rule

Vulnerability Number

V-206585

Group Title

SRG-APP-000328

Rule Version

SRG-APP-000328-DB-000301

Severity

CAT II

CCI(s)

• CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Weight

10

Fix Recommendation

Implement the organization's DAC policy in the security configuration of the database and DBMS, and, if applicable, the security configuration of the application(s) using the database.

Check Contents

Review system documentation to identify the required discretionary access control (DAC).

Review the security configuration of the database and DBMS. If applicable, review the security configuration of the application(s) using the database.

If the discretionary access control defined in the documentation is not implemented in the security configuration, this is a finding.

Vulnerability Number

V-206585

Documentable

False

Rule Version

SRG-APP-000328-DB-000301

Severity Override Guidance

Review system documentation to identify the required discretionary access control (DAC).

Review the security configuration of the database and DBMS. If applicable, review the security configuration of the application(s) using the database.

If the discretionary access control defined in the documentation is not implemented in the security configuration, this is a finding.

Check Content Reference

M

Target Key

2902

Comments