DISA_STIG_Oracle_Database_11.2g_v2r3_DB.audit from DISA Oracle Database 11.2g v2r3 STIG
O112-BP-021200 - Access to default accounts used to support replication must be restricted to authorized DBAs. | CONFIGURATION MANAGEMENT |
O112-BP-021300 - Oracle instance names must not contain Oracle version numbers. | CONFIGURATION MANAGEMENT |
O112-BP-021400 - Fixed user and public database links must be authorized for use - 'DB Links' | CONFIGURATION MANAGEMENT |
O112-BP-021400 - Fixed user and public database links must be authorized for use - 'repcatlog count = 0' | CONFIGURATION MANAGEMENT |
O112-BP-021500 - A minimum of two Oracle control files must be defined and configured to be stored on separate, archived disks (physical or virtual) or archived partitions on a RAID device. | CONFIGURATION MANAGEMENT |
O112-BP-021600 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device - V$LOG count | CONFIGURATION MANAGEMENT |
O112-BP-021600 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device - V$LOG members count | CONFIGURATION MANAGEMENT |
O112-BP-021700 - The Oracle WITH GRANT OPTION privilege must not be granted to non-DBA or non-Application administrator user accounts. | CONFIGURATION MANAGEMENT |
O112-BP-021800 - Execute permission must be revoked from PUBLIC for restricted Oracle packages. | CONFIGURATION MANAGEMENT |
O112-BP-021900 - The Oracle REMOTE_OS_AUTHENT parameter must be set to FALSE. | CONFIGURATION MANAGEMENT |
O112-BP-022000 - The Oracle REMOTE_OS_ROLES parameter must be set to FALSE. | CONFIGURATION MANAGEMENT |
O112-BP-022100 - The Oracle SQL92_SECURITY parameter must be set to TRUE. | CONFIGURATION MANAGEMENT |
O112-BP-022200 - The Oracle password file ownership and permissions should be limited and the REMOTE_LOGIN_PASSWORDFILE parameter must be set to EXCLUSIVE or NONE. | CONFIGURATION MANAGEMENT |
O112-BP-022300 - System privileges granted using the WITH ADMIN OPTION must not be granted to unauthorized user accounts. | CONFIGURATION MANAGEMENT |
O112-BP-022400 - System Privileges must not be granted to PUBLIC. | CONFIGURATION MANAGEMENT |
O112-BP-022500 - Oracle roles granted using the WITH ADMIN OPTION must not be granted to unauthorized accounts. | CONFIGURATION MANAGEMENT |
O112-BP-022600 - Object permissions granted to PUBLIC must be restricted. | CONFIGURATION MANAGEMENT |
O112-BP-022800 - Application role permissions must not be assigned to the Oracle PUBLIC role. | CONFIGURATION MANAGEMENT |
O112-BP-022900 - Oracle application administration roles must be disabled if not required and authorized. | CONFIGURATION MANAGEMENT |
O112-BP-023000 - Connections by mid-tier web and application systems to the Oracle DBMS from a DMZ or external network must be encrypted. | CONFIGURATION MANAGEMENT |
O112-BP-023100 - Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions - job_queue_processes | CONFIGURATION MANAGEMENT |
O112-BP-023100 - Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions - MAX_JOB_SLAVE_PROCESSES | CONFIGURATION MANAGEMENT |
O112-BP-023200 - Unauthorized database links must not be defined and active. | CONFIGURATION MANAGEMENT |
O112-BP-023300 - Sensitive information from production database exports must be modified before being imported into a development database. | CONFIGURATION MANAGEMENT |
O112-BP-023600 - Only authorized system accounts must have the SYSTEM tablespace specified as the default tablespace - default tablespace | CONFIGURATION MANAGEMENT |
O112-BP-023600 - Only authorized system accounts must have the SYSTEM tablespace specified as the default tablespace - non-default account records | CONFIGURATION MANAGEMENT |
O112-BP-023700 - Application owner accounts must have a dedicated application tablespace. | CONFIGURATION MANAGEMENT |
O112-BP-023800 - The directories assigned to the LOG_ARCHIVE_DEST* parameters must be protected from unauthorized access. | CONFIGURATION MANAGEMENT |
O112-BP-023900 - The Oracle _TRACE_FILES_PUBLIC parameter if present must be set to FALSE. | CONFIGURATION MANAGEMENT |
O112-BP-024000 - Application object owner accounts must be disabled when not performing installation or maintenance actions - dba roles | CONFIGURATION MANAGEMENT |
O112-BP-024000 - Application object owner accounts must be disabled when not performing installation or maintenance actions - locked roles | CONFIGURATION MANAGEMENT |
O112-BP-024100 - DBMS production application and data directories must be protected from developers on shared production/development DBMS host systems. | CONFIGURATION MANAGEMENT |
O112-BP-024200 - Use of the DBMS installation account must be logged. | CONFIGURATION MANAGEMENT |
O112-BP-024750 - Oracle database products must be a version supported by the vendor. | SYSTEM AND INFORMATION INTEGRITY |
O112-BP-025101 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files. | CONFIGURATION MANAGEMENT |
O112-BP-025500 - Replication accounts must not be granted DBA privileges. | CONFIGURATION MANAGEMENT |
O112-BP-025800 - Changes to configuration options must be audited. | CONFIGURATION MANAGEMENT |
O112-BP-026200 - Changes to DBMS security labels must be audited. | CONFIGURATION MANAGEMENT |
O112-BP-026300 - Remote database or other external access must use fully-qualified names. | CONFIGURATION MANAGEMENT |
O112-C1-015000 - DBMS default accounts must be assigned custom passwords. | CONFIGURATION MANAGEMENT |
O112-C2-000100 - The DBMS must limit the number of concurrent sessions for each system account to an organization-defined number of sessions. | ACCESS CONTROL |
O112-C2-001800 - The system must employ automated mechanisms for supporting Oracle user account management. | ACCESS CONTROL |
O112-C2-001900 - The DBMS must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts - Profile list | CONFIGURATION MANAGEMENT |
O112-C2-001900 - The DBMS must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts - User not assigned the default | CONFIGURATION MANAGEMENT |
O112-C2-001900 - The DBMS must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts - User Profile assignment | CONFIGURATION MANAGEMENT |
O112-C2-002000 - The DBMS must provide a mechanism to automatically terminate accounts designated as temporary or emergency accounts after an organization-defined time period. | CONFIGURATION MANAGEMENT |
O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy - Role assignments to users | ACCESS CONTROL |
O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy - Role Table SELECT | ACCESS CONTROL |
O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy - User role listing | ACCESS CONTROL |