STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Processes (services, applications, etc.) that connect to the DBMS independently of individual users, must use valid, current DoD approved PKI certificates for authentication to the DBMS.

DISA Rule

SV-220293r666959_rule

Vulnerability Number

V-220293

Group Title

SRG-APP-000177-DB-000069

Rule Version

O121-C2-015501

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

For each such account, use DoD certificate-based authentication.

Check Contents

Review configuration to confirm that accounts used by processes to connect to the DBMS are authenticated using valid, current DoD approved PKI certificates.

If any such account (other than SYS, SYSBACKUP, SYSDG, and SYSKM) is not certificate-based, this is a finding.

Vulnerability Number

V-220293

Documentable

False

Rule Version

O121-C2-015501

Severity Override Guidance

Review configuration to confirm that accounts used by processes to connect to the DBMS are authenticated using valid, current DoD approved PKI certificates.

If any such account (other than SYS, SYSBACKUP, SYSDG, and SYSKM) is not certificate-based, this is a finding.

Check Content Reference

M

Target Key

4059

Comments