STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Automated notification of suspicious activity detected in the audit trail should be implemented.

DISA Rule

SV-24670r1_rule

Vulnerability Number

V-15102

Group Title

DBMS audit report tools

Rule Version

DG0083-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop, document and implement database or host system procedures to report audit trail data in a form usable to detect unauthorized access to or usage of DBMS privileges, procedures or data.

You may also want to consider procuring a third-party auditing tool like Oracle Audit Vault with support for Oracle and other DBMS products within your environment.

NOTE: Audit data may contain sensitive information. The use of a single repository for audit data should be protected at the highest level based on the sensitivity of the databases being audited.

Check Contents

If the database being reviewed is not a production database, this check is Not a Finding.

Interview the auditor or IAO to determine if an automated tool or procedure is used to report audit trail data. If an automated tool or procedure is not used, this is a Finding.

Vulnerability Number

V-15102

Documentable

False

Rule Version

DG0083-ORACLE11

Severity Override Guidance

If the database being reviewed is not a production database, this check is Not a Finding.

Interview the auditor or IAO to determine if an automated tool or procedure is used to report audit trail data. If an automated tool or procedure is not used, this is a Finding.

Check Content Reference

I

Responsibility

Information Assurance Officer

Target Key

1368

Comments