STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Oracle instance names must not contain Oracle version numbers.

DISA Rule

SV-219696r401224_rule

Vulnerability Number

V-219696

Group Title

SRG-APP-000516-DB-000363

Rule Version

O112-BP-021300

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Follow the instructions in Oracle MetaLink Note 15390.1 (and related documents) to change the SID for the database without re-creating the database to a value that does not identify the Oracle version.

Check Contents

From SQL*Plus:

select instance_name from v$instance;
select version from v$instance;

If the instance name returned references the Oracle release number, this is a Finding.

Numbers used that include version numbers by coincidence are not a Finding.

The DBA should be able to relate the significance of the presence of a digit in the SID.

Vulnerability Number

V-219696

Documentable

False

Rule Version

O112-BP-021300

Severity Override Guidance

From SQL*Plus:

select instance_name from v$instance;
select version from v$instance;

If the instance name returned references the Oracle release number, this is a Finding.

Numbers used that include version numbers by coincidence are not a Finding.

The DBA should be able to relate the significance of the presence of a digit in the SID.

Check Content Reference

M

Target Key

4057

Comments