STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

A single database connection configuration file must not be used to configure all database clients.

DISA Rule

SV-238440r667494_rule

Vulnerability Number

V-238440

Group Title

SRG-APP-000516-DB-000363

Rule Version

O112-C2-003600

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement procedures to supply database connection information to only those databases authorized for the user.

Check Contents

Review procedures for providing database connection information to users/user workstations. If procedures do not indicate or implement restrictions to connections required by the particular user, this is a finding.

Note: This check is specific for the DBMS host system and not directed at client systems (client systems are included in the Application STIG/Checklist); however, detection of unauthorized client connections to the DBMS host system obtained through log files should be performed regularly and documented where authorized.

Vulnerability Number

V-238440

Documentable

False

Rule Version

O112-C2-003600

Severity Override Guidance

Review procedures for providing database connection information to users/user workstations. If procedures do not indicate or implement restrictions to connections required by the particular user, this is a finding.

Note: This check is specific for the DBMS host system and not directed at client systems (client systems are included in the Application STIG/Checklist); however, detection of unauthorized client connections to the DBMS host system obtained through log files should be performed regularly and documented where authorized.

Check Content Reference

M

Target Key

4057

Comments