STIGQter: STIG Summary: Oracle Database 11g Instance STIG, Version: 8, Release: 20, Benchmark Date: 28 Jul 2017

Unauthorized user accounts should not exist.

DISA Rule

SV-24647r1_rule

Vulnerability Number

V-2508

Group Title

DBMS user account authorization

Rule Version

DG0070-ORACLE11

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Develop, document and implement procedures for authorizing creation, changes and deletions of user accounts.

Monitor user accounts to verify that they remain authorized.

Check Contents

Review procedures for ensuring authorization of new or re-assigned DBMS user accounts.

Requests for user account access to the DBMS should include documented approval by an authorized requestor.

Procedures should also include notification for a change in status, particularly cause for revocation of account access, to any DBMS accounts.

Review the user accounts listed either in the script report or manually against the authorized user list.

From SQL*Plus:
select username from dba_users order by username;

If procedures for DBMS user account authorization are incomplete or not implemented, this is a Finding.

If any accounts listed are not clearly authorized, this is a Finding.
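
The comparison against the authorized user list can be run inside the database rather than by eye. The following is an added example, not part of the STIG text: it assumes a hypothetical site-maintained table AUTHORIZED_DB_USERS (columns USERNAME, APPROVED_BY, APPROVED_ON) populated from approved account requests, with usernames stored exactly as they appear in DBA_USERS.

```sql
-- Added example; not part of the STIG.
-- AUTHORIZED_DB_USERS is a hypothetical table holding one row per approved
-- account (USERNAME, APPROVED_BY, APPROVED_ON). Oracle-supplied accounts the
-- site has accepted (SYS, SYSTEM, ...) must be recorded there as well,
-- otherwise they are reported by query 1.

-- 1. Accounts that exist in the database but have no authorization record.
--    Every row returned must be explained or it is a Finding.
SELECT u.username,
       u.account_status,
       u.created,
       u.profile
FROM   dba_users u
       LEFT JOIN authorized_db_users a
              ON a.username = u.username
WHERE  a.username IS NULL
ORDER  BY u.username;

-- 2. Authorization records with no matching account. These are not a
--    Finding by themselves, but they show the list is out of date, which
--    weakens it as evidence that the procedure is implemented.
SELECT a.username,
       a.approved_by,
       a.approved_on
FROM   authorized_db_users a
WHERE  NOT EXISTS (SELECT 1
                   FROM   dba_users u
                   WHERE  u.username = a.username)
ORDER  BY a.username;

-- 3. Accounts created before their recorded approval date, i.e. the account
--    existed before the request was approved.
SELECT u.username,
       u.created,
       a.approved_on,
       a.approved_by
FROM   dba_users u
       JOIN authorized_db_users a
         ON a.username = u.username
WHERE  u.created < a.approved_on
ORDER  BY u.created;
```

Run the queries from SQL*Plus with an account that can read DBA_USERS, and keep the output with the review record.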

Documentable

False

Severity Override Guidance

Review procedures for ensuring authorization of new or re-assigned DBMS user accounts.

Requests for user account access to the DBMS should include documented approval by an authorized requestor.

Procedures should also include notification for a change in status, particularly cause for revocation of account access, to any DBMS accounts.

Review the user accounts listed either in the script report or manually against the authorized user list.

From SQL*Plus:
select username from dba_users order by username;

If procedures for DBMS user account authorization are incomplete or not implemented, this is a Finding.

If any accounts listed are not clearly authorized, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1367
