DG0007-ORACLE11 - The database should be secured in accordance with DoD, vendor and/or commercially accepted practices where applicable.

Information

DBMS systems that do not follow DoD, vendor and/or public best security practices are vulnerable to related published vulnerabilities. A DoD reference document such as a security technical implementation guide or security recommendation guide constitutes the primary source for security configuration or implementation guidance for the deployment of newly acquired IA- and IA-enabled IT products that require use of the product's IA capabilities.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Apply available security guidance to the DBMS system.

If DoD security guidance is not available, the following are acceptable in descending order as available:
(1) Commercially accepted practices (e.g., SANS);
(2) Independent testing results (e.g., ICSA); or
(3) Vendor literature

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-30742r1_rule, STIG-ID|DG0007-ORACLE11, Vuln-ID|V-6767

Plugin: Windows

Control ID: 65b43753c062590626c4444fff9e839d6eb7b58d75989517171e0c0041b347f9