STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The DBMS must provide a mechanism to automatically remove or disable temporary user accounts after 72 hours.

DISA Rule

SV-237702r667138_rule

Vulnerability Number

V-237702

Group Title

SRG-APP-000516-DB-000363

Rule Version

O121-C2-002000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If using database mechanisms to satisfy this requirement, use a profile with a distinctive name (for example, TEMPORARY_USERS), so that temporary users can be easily identified. Whenever a temporary user account is created, assign it to this profile.

Create a job to lock accounts under this profile that are more than 72 hours old.
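One way to implement the two steps above with Oracle's own mechanisms, as an added example that is not part of the STIG text. The job name, the profile limit, and the hourly schedule are assumptions; it is meant to be run in a non-CDB or inside a PDB by an account holding CREATE PROFILE, CREATE JOB, ALTER USER, and SELECT on DBA_USERS as direct grants.

```sql
-- Added example; every name except TEMPORARY_USERS is hypothetical.

-- 1. Distinctive profile so temporary accounts are easy to identify.
--    The limit value is a constructed placeholder; set it per site policy.
CREATE PROFILE TEMPORARY_USERS LIMIT
  FAILED_LOGIN_ATTEMPTS 3;

-- 2. Assign the profile whenever a temporary account is created, e.g.:
--    CREATE USER temp_user IDENTIFIED BY "<password>" PROFILE TEMPORARY_USERS;

-- 3. Hourly job: lock accounts on this profile created more than 72 hours ago.
--    Accounts in a timed lock (LOCKED(TIMED)) are still selected, because a
--    timed lock can clear on its own and would leave the account usable.
BEGIN
  DBMS_SCHEDULER.CREATE_JOB(
    job_name        => 'LOCK_EXPIRED_TEMP_USERS',
    job_type        => 'PLSQL_BLOCK',
    job_action      => q'[
      BEGIN
        FOR u IN (SELECT username
                    FROM dba_users
                   WHERE profile = 'TEMPORARY_USERS'
                     AND created < SYSDATE - INTERVAL '72' HOUR
                     AND account_status NOT IN ('LOCKED', 'EXPIRED & LOCKED'))
        LOOP
          -- ENQUOTE_NAME guards the dynamic DDL against odd usernames.
          EXECUTE IMMEDIATE 'ALTER USER '
            || DBMS_ASSERT.ENQUOTE_NAME(u.username, FALSE)
            || ' ACCOUNT LOCK';
        END LOOP;
      END;]',
    start_date      => SYSTIMESTAMP,
    repeat_interval => 'FREQ=HOURLY',
    enabled         => TRUE,
    comments        => 'Locks TEMPORARY_USERS accounts older than 72 hours');
END;
/

-- 4. Reviewer check: any row returned is an overdue account that is not locked.
SELECT username, created, account_status
  FROM dba_users
 WHERE profile = 'TEMPORARY_USERS'
   AND created < SYSDATE - INTERVAL '72' HOUR
   AND account_status NOT IN ('LOCKED', 'EXPIRED & LOCKED');
```

With an hourly schedule an account can remain open for up to one hour past the 72-hour mark; shorten `repeat_interval` if that window is not acceptable.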

Check Contents

If the organization has a policy, consistently enforced, forbidding the creation of emergency or temporary accounts, this is not a finding.

If all user accounts are authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.

Check DBMS settings, OS settings, and/or enterprise-level authentication/access mechanism settings to determine if the site utilizes a mechanism whereby temporary accounts are terminated after a 72-hour time period. If not, this is a finding.

Documentable

False

Severity Override Guidance

If the organization has a policy, consistently enforced, forbidding the creation of emergency or temporary accounts, this is not a finding.

If all user accounts are authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.

Check DBMS settings, OS settings, and/or enterprise-level authentication/access mechanism settings to determine if the site utilizes a mechanism whereby temporary accounts are terminated after a 72-hour time period. If not, this is a finding.

Check Content Reference

M

Target Key

4059
