STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

DBMS remote administration should be audited.

DISA Rule

SV-24985r1_rule

Vulnerability Number

V-15652

Group Title

DBMS remote administration audit

Rule Version

DG0158-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Develop, document and implement policy and procedures for remote administration auditing.

Configure the DBMS to provide an audit trail for remote administrative sessions.

Include all actions taken by database administrators during remote sessions.

Actions should be tied to a specific user.

Check Contents

Review settings for actions taken during remote administration sessions.

If auditing of remote administration sessions and actions is not enabled, this is a Finding.

If audit logs do not include all actions taken by database administrators during remote sessions, this is a Finding.

Actions should be tied to a specific user.

Vulnerability Number

V-15652

Documentable

False

Rule Version

DG0158-ORACLE11

Severity Override Guidance

Review settings for actions taken during remote administration sessions.

If auditing of remote administration sessions and actions is not enabled, this is a Finding.

If audit logs do not include all actions taken by database administrators during remote sessions, this is a Finding.

Actions should be tied to a specific user.

Check Content Reference

M

Responsibility

Database Administrator

Target Key

1368

Comments