STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

Remote DBMS administration should be documented and authorized or disabled.

DISA Rule

SV-24982r1_rule

Vulnerability Number

V-15651

Group Title

DBMS remote administration

Rule Version

DG0157-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Disable remote administration of the DBMS where not required.

Where remote administration of the DBMS is required, develop, document and implement policy and procedures on its use.

Assign remote administration privileges to IAO-authorized personnel only.

Document assignments in the System Security Plan.

Check Contents

Review the System Security Plan for authorization, assignments and usage procedures for remote DBMS administration.

If remote administration of the DBMS is not documented or poorly documented, this is a Finding.

If remote administration of the DBMS is not authorized and not disabled, this is a Finding.

Vulnerability Number

V-15651

Documentable

False

Rule Version

DG0157-ORACLE11

Severity Override Guidance

Review the System Security Plan for authorization, assignments and usage procedures for remote DBMS administration.

If remote administration of the DBMS is not documented or poorly documented, this is a Finding.

If remote administration of the DBMS is not authorized and not disabled, this is a Finding.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1368

Comments