STIGQter STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Logic modules within the database (to include packages, procedures, functions and triggers) must be monitored to discover unauthorized changes.

DISA Rule

SV-220307r395850_rule

Vulnerability Number

V-220307

Group Title

SRG-APP-000133-DB-000179

Rule Version

O121-OS-010710

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement procedures to monitor for unauthorized changes to database logic modules. If a third-party automated tool is not employed, an automated job that reports on the objects of interest and compares them to the baseline report for the same will meet the requirement.

Check Contents

Review monitoring procedures and implementation evidence to verify that monitoring of changes to database logic modules is done.

Verify the list of objects (packages, procedures, functions, and triggers) being monitored is complete. If monitoring does not occur or is not complete, this is a finding.

Vulnerability Number

V-220307

Documentable

False

Rule Version

O121-OS-010710

Severity Override Guidance

Review monitoring procedures and implementation evidence to verify that monitoring of changes to database logic modules is done.

Verify the list of objects (packages, procedures, functions, and triggers) being monitored is complete. If monitoring does not occur or is not complete, this is a finding.

Check Content Reference

M

Target Key

4059

Comments