STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The DBMS should not be operated without authorization on a host system supporting other application services.

DISA Rule

SV-24715r1_rule

Vulnerability Number

V-15146

Group Title

DBMS dedicated host

Rule Version

DG0109-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

A dedicated host system in this case refers to an instance of the operating system at a minimum.

The operating system may reside on a virtual host machine where supported by the DBMS vendor.

Remove any unauthorized processes or services and install on a separate host system.

Where separation is not supported, update the System Security Plan to provide the technical requirement for having the application share a host with the DBMS.

Check Contents

Review a list of Windows service or UNIX processes running on the DBMS host.

For Windows, review the Services snap-in.

Investigate with the DBA/SA any unknown services.

For UNIX, issue the ps -ef command.

Investigate with the DBA/SA any unknown processes.

If web, application, ftp, domain, print or other non-DBMS services or processes are identified as supporting other optional applications or functions not authorized in the System Security Plan, this is a Finding.

NOTE: Only applications that are technically required to share the same host system may be authorized to do so. Applications that share the same host for administrative, financial or other non-technical reasons may not be authorized and are a Finding.

Vulnerability Number

V-15146

Documentable

False

Rule Version

DG0109-ORACLE11

Severity Override Guidance

Review a list of Windows service or UNIX processes running on the DBMS host.

For Windows, review the Services snap-in.

Investigate with the DBA/SA any unknown services.

For UNIX, issue the ps -ef command.

Investigate with the DBA/SA any unknown processes.

If web, application, ftp, domain, print or other non-DBMS services or processes are identified as supporting other optional applications or functions not authorized in the System Security Plan, this is a Finding.

NOTE: Only applications that are technically required to share the same host system may be authorized to do so. Applications that share the same host for administrative, financial or other non-technical reasons may not be authorized and are a Finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1368

Comments