STIGQter: STIG Summary: Database Security Requirements Guide Version: 3 Release: 1 Benchmark Date: 22 Jan 2021:

The DBMS must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

DISA Rule

SV-206586r617447_rule

Vulnerability Number

V-206586

Group Title

SRG-APP-000340

Rule Version

SRG-APP-000340-DB-000304

Severity

CAT II

CCI(s)

• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Configure DBMS security to protect all privileged functionality.

Check Contents

Review the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question.

Review the DBMS security configuration and/or other means used to protect privileged functionality from unauthorized use.

If the configuration does not protect all of the actions defined as privileged, this is a finding.

Vulnerability Number

V-206586

Documentable

False

Rule Version

SRG-APP-000340-DB-000304

Severity Override Guidance

Review the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question.

Review the DBMS security configuration and/or other means used to protect privileged functionality from unauthorized use.

If the configuration does not protect all of the actions defined as privileged, this is a finding.

Check Content Reference

M

Target Key

2902

Comments