STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

An automated tool that monitors audit data and immediately reports suspicious activity should be employed for the DBMS.

DISA Rule

SV-24815r1_rule

Vulnerability Number

V-15103

Group Title

DBMS Audit Tool

Rule Version

DG0161-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop or procure, document and implement an automated, continuous on-line monitoring and audit trail creation capability for the DBMS is deployed with the capability to immediately alert personnel of any unusual or inappropriate activity with potential IA implications, and with a user-configurable capability to automatically disable the system if serious IA violations are detected.

Check Contents

Review evidence or operation of an automated, continuous on-line monitoring and audit trail creation capability for the DBMS is deployed with the capability to immediately alert personnel of any unusual or inappropriate activity with potential IA implications, and with a user-configurable capability to automatically disable the system if serious IA violations are detected.

If the requirements listed above are not fully met, this is a Finding.

Vulnerability Number

V-15103

Documentable

False

Rule Version

DG0161-ORACLE11

Severity Override Guidance

Review evidence or operation of an automated, continuous on-line monitoring and audit trail creation capability for the DBMS is deployed with the capability to immediately alert personnel of any unusual or inappropriate activity with potential IA implications, and with a user-configurable capability to automatically disable the system if serious IA violations are detected.

If the requirements listed above are not fully met, this is a Finding.

Check Content Reference

I

Responsibility

Information Assurance Officer

Target Key

1368

Comments