STIGQter: STIG Summary: Oracle Database 11g Installation STIG, Version: 8, Release: 20, Benchmark Date: 28 Jul 2017

The DBMS requires a System Security Plan containing all required information.

DISA Rule

SV-24437r1_rule

Vulnerability Number

V-15150

Group Title

DBMS System Security Plan

Rule Version

DG0154-ORACLE11

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Develop, document and implement a System Security Plan for the DBMS.

Include IA documentation related to the DBMS in the System Security Plan for the system that the DBMS supports.

Review section 3.4 - System Security Plan Overview in the ORACLE DATABASE SECURITY CHECKLIST for more information.

Check Contents

Review the System Security Plan for the DBMS.

Review coverage of the following in the System Security Plan:
- Technical, administrative and procedural IA program and policies that govern the DBMS
- Identification of all IA personnel (IAM, IAO, DBA, SA) assigned responsibility to the DBMS
- Specific IA requirements and objectives (e.g., requirements for data handling or dissemination (to include identification of sensitive data stored in the database, database application user job functions/roles and privileges), system redundancy and backup, or emergency response)

If a System Security Plan does not exist or does not identify or reference all relevant security controls, this is a Finding.

Documentable

False

Severity Override Guidance

Review the System Security Plan for the DBMS.

Review coverage of the following in the System Security Plan:
- Technical, administrative and procedural IA program and policies that govern the DBMS
- Identification of all IA personnel (IAM, IAO, DBA, SA) assigned responsibility to the DBMS
- Specific IA requirements and objectives (e.g., requirements for data handling or dissemination (to include identification of sensitive data stored in the database, database application user job functions/roles and privileges), system redundancy and backup, or emergency response)

If a System Security Plan does not exist or does not identify or reference all relevant security controls, this is a Finding.

Check Content Reference

I

Responsibility

Information Assurance Officer

Target Key

1368
