STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The system must verify there have not been unauthorized changes to the DBMS software and information.

DISA Rule

SV-237743r667261_rule

Vulnerability Number

V-237743

Group Title

SRG-APP-000133-DB-000179

Rule Version

O121-C2-019600

Severity

CAT II

CCI(s)

• CCI-002716 - The information system implements cryptographic mechanisms to detect unauthorized changes to software.

Weight

10

Fix Recommendation

Utilize the OS or a third-party product to perform file verification of DBMS system file integrity.

(Using Oracle Configuration Manager with Enterprise Manager, configured to perform this verification, is one possible way of satisfying this requirement.)

Check Contents

Verify the DBMS system initialization/parameter files and software is included in the configuration of any third-party software or custom scripting at the OS level to perform integrity verification.

If neither a third-party application nor the OS is performing integrity verification of DBMS system files, this is a finding.

Vulnerability Number

V-237743

Documentable

False

Rule Version

O121-C2-019600

Severity Override Guidance

Verify the DBMS system initialization/parameter files and software is included in the configuration of any third-party software or custom scripting at the OS level to perform integrity verification.

If neither a third-party application nor the OS is performing integrity verification of DBMS system files, this is a finding.

Check Content Reference

M

Target Key

4059

Comments