DG0074-ORACLE11 - Unapproved inactive or expired database accounts should not be found on the database.

Information

Unused or expired DBMS accounts provide a means for undetected, unauthorized access to the database.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop, document and implement procedures to monitor database accounts for inactivity and account expiration.

Investigate and re-authorize or delete [if appropriate] any accounts that are expired or have been inactive for more than 30 days.

Where appropriate, protect authorized expired or inactive accounts by disabling them or applying some other similar protection.

NOTE: Password and account requirements have changed for DoD since this STIG requirement was published.
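
One way to produce the review list for the 30-day check above, as an added example that is not the STIG's or Tenable's own check text. It assumes session auditing is enabled (AUDIT SESSION) and that the audit trail keeps more than 30 days of records, because the Oracle 11g DBA_USERS view has no last-login column.

```sql
-- Added example: candidate accounts for DG0074 review on Oracle 11g.
-- Assumptions: run by a user with SELECT on DBA_USERS and DBA_AUDIT_SESSION;
-- session auditing is on and the audit trail retains more than 30 days of
-- rows (a purged trail makes every account look as if it never logged on).
SELECT u.username,
       u.account_status,
       u.expiry_date,
       u.lock_date,
       u.created,          -- lets the reviewer discount newly created accounts
       l.last_logon,
       CASE
         WHEN u.account_status LIKE 'EXPIRED%' THEN 'EXPIRED'
         WHEN l.last_logon IS NULL             THEN 'NO LOGON IN AUDIT TRAIL'
         ELSE 'INACTIVE MORE THAN 30 DAYS'
       END AS finding
FROM   dba_users u
       LEFT JOIN (
         -- TIMESTAMP is the logon time on both LOGON and LOGOFF rows,
         -- so no filter on ACTION_NAME; RETURNCODE = 0 keeps successful
         -- logons only.
         SELECT username, MAX(timestamp) AS last_logon
         FROM   dba_audit_session
         WHERE  returncode = 0
         GROUP  BY username
       ) l ON l.username = u.username
WHERE  u.account_status LIKE 'EXPIRED%'   -- includes EXPIRED(GRACE) and EXPIRED & LOCKED
   OR  l.last_logon IS NULL
   OR  l.last_logon < SYSDATE - 30
ORDER  BY finding, u.username;
```

Each row returned is an account to investigate and then re-authorize, disable or delete; Oracle-supplied accounts that are already expired and locked will appear and should be matched against the documented list of authorized accounts.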

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24652r1_rule, STIG-ID|DG0074-ORACLE11, Vuln-ID|V-15130

Plugin: OracleDB

Control ID: b7242e1dff9437291729806bb4e02a3218d00904b8296c64cee01465100498a5