STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

Unused database components which are integrated in DB2 and cannot be uninstalled must be disabled.

DISA Rule

SV-89155r1_rule

Vulnerability Number

V-74481

Group Title

SRG-APP-000141-DB-000092

Rule Version

DB2X-00-003600

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Use the appropriate version of the REVOKE command to remove unauthorized access to the designated features.

Check Contents

Review the system security plan. Determine what DB2 features are recognized as requiring specific access controls. Determine which roles are authorized to use and which may not use the designated features.

Review the permissions granted in the database. If any role is permitted to use any feature not designated as authorized, this is a finding.

Vulnerability Number

V-74481

Documentable

False

Rule Version

DB2X-00-003600

Severity Override Guidance

Review the system security plan. Determine what DB2 features are recognized as requiring specific access controls. Determine which roles are authorized to use and which may not use the designated features.

Review the permissions granted in the database. If any role is permitted to use any feature not designated as authorized, this is a finding.

Check Content Reference

M

Target Key

3161

Comments