DG0077-ORACLE11 - Production databases should be protected from unauthorized access by developers on shared production/development host systems.

Information

Developers granted elevated database, operating system privileges on systems that support both development, and production databases can affect the operation and/or security of the production database system. Operating system and database privileges assigned to developers on shared development and production systems should be restricted.

Solution

Develop, document and implement procedures to review and maintain privileges granted to developers on shared production and development host systems and databases.

Recommend establishing a dedicated DBMS host for production DBMS installations (See Checks DG0109 and DG0110).

A dedicated host system in this case refers to an instance of the operating system at a minimum.

The operating system may reside on a virtual host machine where supported by the DBMS vendor.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, Rule-ID|SV-24391r2_rule, STIG-ID|DG0077-ORACLE11, Vuln-ID|V-3820

Plugin: OracleDB

Control ID: c6a605213ee4958af773667f228dcc5454176493d5b26af27e2dde9f0ab60b4d