STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The DBMS IA policies and procedures should be reviewed annually or more frequently.

DISA Rule

SV-24689r1_rule

Vulnerability Number

V-15138

Group Title

DBMS IA policy and procedure review

Rule Version

DG0096-ORACLE11

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop, document and implement procedures to review DBMS IA policies and procedures.

Check Contents

Review documented policy and procedures included or noted in the System Security Plan as well as evidence of implementation for annual reviews of DBMS IA policy and procedures.

If policy and procedures do not exist, are incomplete, or are not implemented and followed annually or more frequently, this is a Finding.

Vulnerability Number

V-15138

Documentable

False

Rule Version

DG0096-ORACLE11

Severity Override Guidance

Review documented policy and procedures included or noted in the System Security Plan as well as evidence of implementation for annual reviews of DBMS IA policy and procedures.

If policy and procedures do not exist, are incomplete, or are not implemented and followed annually or more frequently, this is a Finding.

Check Content Reference

I

Responsibility

Information Assurance Officer

Target Key

1368

Comments