SV-87299r1_rule
V-72667
SRG-APP-000233-DB-000124
VROM-CS-000175
CAT II
10
Configure the Cassandra Server to isolate security functions from non-security functions.
Locate security-related database objects and code in a separate database, schema, or other separate security domain from database objects and code implementing application logic.
Using the "REVOKE" command, modify access privileges for objects in system, system_auth, and system_traces, revoking privileges of non-superuser users.
Review the Cassandra Server configuration to ensure objects or code implementing security functionality are located in a separate security domain, such as a separate database or schema created specifically for security functionality.
If security-related database objects or code are not kept separate, this is a finding.
Open the "cqlsh" prompt on the Cassandra Server and run the "LIST ALL PERMISSIONS" command. Review the username, resource, and permissions columns.
If privileges on any object under the system, system_auth, or system_traces schemas are granted to any user other than a superuser (cassandra in the default configuration), this is a finding.
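The review of the "LIST ALL PERMISSIONS" output can be scripted against saved cqlsh output. The following is an added example, not part of the STIG text: the sample output is constructed, and the role names (app_rw, reporting, auditor), the appdata keyspace, and the choice to treat a grant on `<all keyspaces>` as covering the system keyspaces are assumptions.

```python
import re

# Keyspaces named in the check text as the security domain.
PROTECTED = {"system", "system_auth", "system_traces"}
# Assumption: "cassandra" is the only superuser (default configuration).
SUPERUSERS = {"cassandra"}
# Resource cells look like <keyspace ks> or <table ks.tbl>; capture the keyspace.
RESOURCE_RE = re.compile(r'<(?:keyspace|table)\s+([\w"]+)(?:\.[\w"]+)?>', re.I)

# Constructed sample of "LIST ALL PERMISSIONS" output, not taken from a real server.
SAMPLE = """
 username  | resource                  | permission
-----------+---------------------------+------------
 cassandra | <all keyspaces>           | SELECT
 app_rw    | <keyspace appdata>        | MODIFY
 app_rw    | <table system_auth.roles> | SELECT
 reporting | <keyspace system_traces>  | SELECT
 auditor   | <all keyspaces>           | SELECT

(5 rows)
"""

def parse_permissions(output):
    """Yield one dict per data row of the cqlsh table, keyed by header name."""
    header = None
    for line in output.splitlines():
        if "|" not in line:
            continue  # blank line, dashed separator, or "(N rows)" footer
        cells = [c.strip() for c in line.split("|")]
        if header is None:
            header = [c.lower() for c in cells]
        elif len(cells) == len(header):
            yield dict(zip(header, cells))

def findings(output, superusers=SUPERUSERS):
    """Return (user, resource, permission) for each grant that is a finding."""
    found = []
    for row in parse_permissions(output):
        user = row.get("username") or row.get("role", "")
        resource = row.get("resource", "")
        m = RESOURCE_RE.match(resource)
        keyspace = m.group(1).strip('"').lower() if m else None
        # Assumption: a grant on all keyspaces also reaches the system keyspaces.
        covers_all = resource.lower() == "<all keyspaces>"
        if user not in superusers and (covers_all or keyspace in PROTECTED):
            found.append((user, resource, row.get("permission", "")))
    return found

if __name__ == "__main__":
    for user, resource, perm in findings(SAMPLE):
        print(f"FINDING: {user} holds {perm} on {resource}")
```

Each reported row is a candidate for the "REVOKE" step in the fix text; pass the site's actual superuser names as `superusers` if they differ from the default.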