STIGQter STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019:

Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.

DISA Rule

SV-89179r1_rule

Vulnerability Number

V-74505

Group Title

SRG-APP-000243-DB-000128

Rule Version

DB2X-00-005600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create and document a process for moving data from production to development/test systems and follow the process.

Modify any code used for moving data from production to development/test systems to ensure copies of production data are not left in unsecured locations.

Check Contents

Verify there are proper procedures in place for the transfer of development/test data from production. Review any scripts or code that exists for the movement of production data to development/test and verify copies of production data are not left in unprotected locations.

If there is no documented procedure for data movement from production to development/test, this is a finding.

If data movement code that copies from production to development/test does exist and leaves any copies of production data in unprotected locations, this is a finding.

Vulnerability Number

V-74505

Documentable

False

Rule Version

DB2X-00-005600

Severity Override Guidance

Verify there are proper procedures in place for the transfer of development/test data from production. Review any scripts or code that exists for the movement of production data to development/test and verify copies of production data are not left in unprotected locations.

If there is no documented procedure for data movement from production to development/test, this is a finding.

If data movement code that copies from production to development/test does exist and leaves any copies of production data in unprotected locations, this is a finding.

Check Content Reference

M

Target Key

3161

Comments