DG0106-ORACLE11 - Database data encryption controls should be configured in accordance with application requirements.

Information

Access to sensitive data may not always be sufficiently protected by authorizations and require encryption. In some cases, the required encryption may be provided by the application accessing the database. In others, the DBMS may be configured to provide the data encryption. When the DBMS provides the encryption, the requirement must be implemented as identified by the Information Owner to prevent unauthorized disclosure or access.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure DBMS encryption features and functions as required by the System Security Plan.

Discrepancies between what features are and are not available should be resolved with the Information Owner, Application Developer and DBA as overseen by the IAO.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24707r1_rule, STIG-ID|DG0106-ORACLE11, Vuln-ID|V-15143

Plugin: Windows

Control ID: 26ba5899328e14e3be215bd5ead7362f6ac38b2dbbd84aa0e77f98b0d52da966