STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

Procedures for establishing temporary passwords that meet DoD password requirements for new accounts must be defined, documented, and implemented.

DISA Rule

SV-237733r667231_rule

Vulnerability Number

V-237733

Group Title

SRG-APP-000164-DB-000401

Rule Version

O121-C2-014900

Severity

CAT II

CCI(s)

• CCI-000199 - The information system enforces maximum password lifetime restrictions.

Weight

10

Fix Recommendation

Implement procedures for assigning temporary passwords to user accounts.

Procedures should include instructions to meet current DoD password length and complexity requirements and provide a secure method to relay the temporary password to the user.

Check Contents

If all user accounts are authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.

Where accounts are authenticated using passwords, review procedures and implementation evidence for creation of temporary passwords.

If the procedures or evidence do not exist or do not enforce passwords to meet DoD password requirements, this is a finding.

Vulnerability Number

V-237733

Documentable

False

Rule Version

O121-C2-014900

Severity Override Guidance

If all user accounts are authenticated by the OS or an enterprise-level authentication/access mechanism, and not by Oracle, this is not a finding.

Where accounts are authenticated using passwords, review procedures and implementation evidence for creation of temporary passwords.

If the procedures or evidence do not exist or do not enforce passwords to meet DoD password requirements, this is a finding.

Check Content Reference

M

Target Key

4059

Comments