DG0088-ORACLE11 - The DBMS should be periodically tested for vulnerability management and IA compliance.

Information

The DBMS security configuration may be altered either intentionally or unintentionally over time. The DBMS may also be the subject of published vulnerabilities that require the installation of a security patch or a reconfiguration to mitigate the vulnerability. If the DBMS is not monitored for required or unintentional changes that render it not compliant with requirements, then it can be vulnerable to attack or compromise.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop, document and implement procedures for periodic testing of the DBMS for current vulnerability management and security configuration compliance as stated in the check.

Coordinate 3rd-party validation testing for Classified systems.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|III, Rule-ID|SV-24678r1_rule, STIG-ID|DG0088-ORACLE11, Vuln-ID|V-15112

Plugin: Unix

Control ID: 627adccf77a6bcd902ae2d8f5a7a9105b9b635fd161a78fdd79e940c5daa7b52