STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Oracle SQL92_SECURITY parameter must be set to TRUE.

DISA Rule

SV-219832r533037_rule

Vulnerability Number

V-219832

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-BP-022100

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Enable SQL92 security.

From SQL*Plus:

alter system set sql92_security = TRUE scope = spfile;

The above SQL*Plus command will set the parameter to take effect at next system startup.

Check Contents

From SQL*Plus:

select value from v$parameter where name = 'sql92_security';

If the value returned is set to FALSE, this is a finding.

If the parameter is set to TRUE or does not exist, this is not a finding.

Vulnerability Number

V-219832

Documentable

False

Rule Version

O121-BP-022100

Severity Override Guidance

From SQL*Plus:

select value from v$parameter where name = 'sql92_security';

If the value returned is set to FALSE, this is a finding.

If the parameter is set to TRUE or does not exist, this is not a finding.

Check Content Reference

M

Target Key

4059

Comments