STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The DBMS must isolate security functions from nonsecurity functions by means of separate security domains.

DISA Rule

SV-220298r397747_rule

Vulnerability Number

V-220298

Group Title

SRG-APP-000233-DB-000124

Rule Version

O121-C2-018500

Severity

CAT II

CCI(s)

CCI-001084 - The information system isolates security functions from nonsecurity functions.

Weight

Fix Recommendation

Locate security-related database objects and code in a separate database, schema, or other separate security domain from database objects and code implementing application logic. (This is the default behavior for Oracle.) Review any site-specific applications security modules built into the database: determine what schema they are located in and take appropriate action.

Check Contents

Check DBMS settings to determine whether objects or code implementing security functionality are located in a separate security domain, such as a separate database or schema created specifically for security functionality.

If security-related database objects or code are not kept separate, this is a finding.

The Oracle elements of security functionality, such as the roles, permissions, and profiles, along with password complexity requirements, are stored in separate schemas in the database. Review any site-specific applications security modules built into the database and determine what schema they are located in and take appropriate action. The Oracle objects will be in the Oracle Data Dictionary.

The DBMS must isolate security functions from nonsecurity functions by means of separate security domains.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments