STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

The DBMS host platform and other dependent applications should be configured in compliance with applicable STIG requirements.

DISA Rule

SV-24823r1_rule

Vulnerability Number

V-15116

Group Title

DBMS host and component STIG compliancy

Rule Version

DG0175-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure all related application components and the DBMS host platform in accordance with the applicable DoD STIG.

Regularly audit the security configuration of related applications and the host platform to confirm continued compliance with security requirements.

Check Contents

If the DBMS host being reviewed is not a production DBMS host, this check is Not a Finding.

Review evidence of security hardening and auditing of the DBMS host platform with the IAO.

If the DBMS host platform has not been hardened and received a security audit, this is a Finding.

Review evidence of security hardening and auditing for all application(s) that store data in the database and all other separately configured components that access the database including web servers, application servers, report servers, etc.

If any have not been hardened and received a security audit, this is a Finding.

Review evidence of security hardening and auditing for all application(s) installed on the local DBMS host where security hardening and auditing guidance exists.

If any have not been hardened and received a security audit, this is a Finding.

Vulnerability Number

V-15116

Documentable

False

Rule Version

DG0175-ORACLE11

Severity Override Guidance

If the DBMS host being reviewed is not a production DBMS host, this check is Not a Finding.

Review evidence of security hardening and auditing of the DBMS host platform with the IAO.

If the DBMS host platform has not been hardened and received a security audit, this is a Finding.

Review evidence of security hardening and auditing for all application(s) that store data in the database and all other separately configured components that access the database including web servers, application servers, report servers, etc.

If any have not been hardened and received a security audit, this is a Finding.

Review evidence of security hardening and auditing for all application(s) installed on the local DBMS host where security hardening and auditing guidance exists.

If any have not been hardened and received a security audit, this is a Finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1368

Comments