DG0065-ORACLE11 - DBMS authentication should require use of a DoD PKI certificate.

Information

In a properly configured DBMS, access controls defined for data access and DBMS management actions are assigned based on the user identity and job function. Unauthenticated or falsely authenticated access leads directly to the potential unauthorized access, misuse and lost accountability of data and activities within the DBMS. Use of PKI certificates for authentication to the DBMS provides a robust mechanism to ensure identity to authorize access to the DBMS.

Solution

Implement PKI authentication for all accounts defined within the database where applicable.

Applications may use host system (server) certificates to authenticate.

For MAC 3 systems, use of the DoD PKI Class 3 certificate and hardware security token (when available) at minimum is required.

For MAC 1 and 2 systems, use of the DoD PKI Class 3 or 4 certificate and hardware security token (when available) or an NSA-certified product at minimum is required.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2, CAT|II, Rule-ID|SV-25026r1_rule, STIG-ID|DG0065-ORACLE11, Vuln-ID|V-3810

Plugin: OracleDB

Control ID: efdeb4ddd9dfc9dc740483342ccd8cd4769b741ccc03492a11178f84922b39e5