STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The DBMS must protect audit tools from unauthorized deletion.

DISA Rule

SV-219766r395835_rule

Vulnerability Number

V-219766

Group Title

SRG-APP-000123-DB-000204

Rule Version

O112-C2-009800

Severity

CAT II

CCI(s)

• CCI-001495 - The information system protects audit tools from unauthorized deletion.

Weight

10

Fix Recommendation

Add or modify access controls and permissions to tools used to view or modify audit log data. Only authorized personnel must be able to delete these tools.

Check Contents

Review access permissions to tools used to view or modify audit log data. These tools may include the DBMS itself or tools external to the database. If appropriate permissions and access controls are not applied to prevent unauthorized deletion of these tools, this is a finding.

Vulnerability Number

V-219766

Documentable

False

Rule Version

O112-C2-009800

Severity Override Guidance

Review access permissions to tools used to view or modify audit log data. These tools may include the DBMS itself or tools external to the database. If appropriate permissions and access controls are not applied to prevent unauthorized deletion of these tools, this is a finding.

Check Content Reference

M

Target Key

4057

Comments