SV-24678r1_rule
V-15112
DBMS vulnerability mgmt and IA compliance testing
DG0088-ORACLE11
CAT III
10
Develop, document and implement procedures for periodic testing of the DBMS for current vulnerability management and security configuration compliance as stated in the check.
Coordinate 3rd-party validation testing for Classified systems.
Review procedures and evidence of implementation for DBMS IA and vulnerability management compliance.
This should include periodic, unannounced, in-depth monitoring and provide for specific penetration testing to ensure that compliance with all vulnerability mitigation procedures, such as the DoD IAVA or other DoD IA practices, is planned, scheduled and conducted.
Testing is intended to ensure that the system's IA capabilities continue to provide adequate assurance against constantly evolving threats and vulnerabilities.
The results for Classified systems are required to be independently validated.
If the requirements listed above are not being met, this is a Finding.
V-15112
False
DG0088-ORACLE11
I
Information Assurance Officer
1368