STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

DBMS backup and restoration files must be protected from unauthorized access.

DISA Rule

SV-238457r667545_rule

Vulnerability Number

V-238457

Group Title

SRG-APP-000243-DB-000374

Rule Version

O112-C2-012500

Severity

CAT II

CCI(s)

• CCI-001090 - The information system prevents unauthorized and unintended information transfer via shared system resources.

Weight

10

Fix Recommendation

Implement protection for backup and restoration files. Document personnel and the level of access authorized for each to the backup and restoration files in the system documentation.

Check Contents

Review file protections assigned to online backup and restoration files. Review access protections and procedures for offline backup and restoration files. If backup or restoration files are subject to unauthorized access, this is a finding.

It may be necessary to review backup and restoration procedures to determine ownership and access during all phases of backup and recovery.

Vulnerability Number

V-238457

Documentable

False

Rule Version

O112-C2-012500

Severity Override Guidance

Review file protections assigned to online backup and restoration files. Review access protections and procedures for offline backup and restoration files. If backup or restoration files are subject to unauthorized access, this is a finding.

It may be necessary to review backup and restoration procedures to determine ownership and access during all phases of backup and recovery.

Check Content Reference

M

Target Key

4057

Comments