DG0011-ORACLE11 - Configuration management procedures should be defined and implemented for database software modifications.

Information

Uncontrolled, untested, or unmanaged changes result in an unreliable security posture. All changes to software libraries related to the database and its use need to be reviewed, considered, and the responsibility for CM assigned. CM responsibilities may appear to cross boundaries. It is important, however, for the boundaries of CM responsibility to be clearly defined and assigned to ensure no libraries or configurations are left unaddressed. Related database application libraries may include third-party DBMS management tools, DBMS stored procedures, or other end-user applications.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop, document and implement configuration management procedures or processes.

Ensure the 4 major requirements listed in the check are documented at a minimum.

Assign responsibilities for oversight and approval for any and all changes made to DBMS software and configuration.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|III, Rule-ID|SV-24599r1_rule, STIG-ID|DG0011-ORACLE11, Vuln-ID|V-3726

Plugin: Windows

Control ID: c79f639365f0514126cbba9391095023fbb2d1912c41a17fccf67c3138a76744