Information
The logic behind instituting row permissions is crucial for a successful security policy. Inspecting this logic and comparing it to the security policy will assure that all aspects of the data access controls are being adhered to.
Rationale:
Missing or incomplete Db2 RCAC Security Policies will increase the risks to the organization's protected data and will prevent efforts to monitor, alert, and respond to these risks in the future.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Create RCAC Policies for each 'gap' listed from the Audit procedure.
Review the newly created Db2 RCAC policy against the organization's policy.