6.3.2 Review Row Permission Logic According to Policy

Information

The logic behind instituting row permissions is crucial for a successful security policy. Inspecting this logic and comparing it to the security policy ensures that every aspect of the data access controls is being adhered to.

Rationale:

Missing or incomplete Db2 RCAC Security Policies will increase the risks to the organization's protected data and will prevent efforts to monitor, alert, and respond to these risks in the future.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Create RCAC Policies for each 'gap' listed from the Audit procedure.

Review the newly created Db2 RCAC policy against the organization's policy.
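
The review and remediation steps above, sketched as Db2 SQL. This is an added example, not text from the benchmark or its audit procedure. The table HR.EMPLOYEE, the role HR_ANALYST and the permission name HR.EMP_ROW_HR_ANALYST are hypothetical; the statements in step 3 require SECADM authority.

```sql
-- Hypothetical objects: HR.EMPLOYEE, role HR_ANALYST, HR.EMP_ROW_HR_ANALYST.

-- 1. List user tables and whether access control is activated on them.
--    CONTROL: 'R' = row, 'C' = column, 'B' = both, blank = none.
--    A table holding protected data with a blank or 'C' value is a gap.
SELECT TABSCHEMA, TABNAME, CONTROL
FROM SYSCAT.TABLES
WHERE TYPE = 'T'
  AND TABSCHEMA NOT LIKE 'SYS%'
ORDER BY TABSCHEMA, TABNAME;

-- 2. Pull the logic of every row permission for comparison with the
--    organization's policy. RULETEXT holds the CREATE PERMISSION source.
--    IMPLICIT = 'Y' marks the default permission Db2 creates when row
--    access control is activated (it denies rows no other permission allows).
--    ENABLE = 'N' or VALID = 'N' means the rule is defined but not in effect.
SELECT CONTROLSCHEMA, CONTROLNAME, TABSCHEMA, TABNAME,
       ENABLE, VALID, IMPLICIT, RULETEXT
FROM SYSCAT.CONTROLS
WHERE CONTROLTYPE = 'R'
ORDER BY TABSCHEMA, TABNAME, CONTROLNAME;

-- 3. Close one gap: only members of HR_ANALYST may see rows in HR.EMPLOYEE.
CREATE PERMISSION HR.EMP_ROW_HR_ANALYST ON HR.EMPLOYEE
  FOR ROWS WHERE VERIFY_ROLE_FOR_USER(SESSION_USER, 'HR_ANALYST') = 1
  ENFORCED FOR ALL ACCESS
  ENABLE;

-- The permission has no effect until row access control is activated.
ALTER TABLE HR.EMPLOYEE ACTIVATE ROW ACCESS CONTROL;

-- 4. Re-check the new rule against policy after creating it.
SELECT CONTROLNAME, ENABLE, VALID, RULETEXT
FROM SYSCAT.CONTROLS
WHERE TABSCHEMA = 'HR'
  AND TABNAME = 'EMPLOYEE'
  AND CONTROLTYPE = 'R';
```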

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: IBM_DB2DB

Control ID: 4f5d8342a3e24ce7fba5982df960ccd194619c3d6710b7914e66c95e4ac73454