DISA STIG Oracle 11.2g v2r4 Database

Audit Details

Name: DISA STIG Oracle 11.2g v2r4 Database

Updated: 6/17/2024

Authority: DISA STIG

Plugin: OracleDB

Revision: 1.2

Estimated Item Count: 121

File Details

Filename: DISA_STIG_Oracle_Database_11.2g_v2r4_Database.audit

Size: 358 kB

MD5: 4d920c7db70d9ab330ee7f0261fac74a
SHA256: 228880c2f854b26c2f5a9f8ed0650117e7681f795dc65285356293f4a863171b

Audit Changelog

Revision 1.2

Jun 17, 2024

Miscellaneous
  • Metadata updated.

Revision 1.1

May 17, 2024

Added
  • O112-BP-021400 - Fixed user and public database links must be authorized for use.
  • O112-BP-021600 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.
  • O112-BP-023100 - Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions.
  • O112-BP-023600 - Only authorized system accounts must have the SYSTEM tablespace specified as the default tablespace.
  • O112-BP-024000 - Application object owner accounts must be disabled when not performing installation or maintenance actions.
  • O112-C2-001900 - The DBMS must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts.
  • O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy.
  • O112-C2-009300 - The DBMS must protect audit information from any type of unauthorized access.
  • O112-C2-009400 - The DBMS must protect audit information from unauthorized modification.
  • O112-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed.
  • O112-C2-014000 - The DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations.
  • O112-C2-017600 - The DBMS must terminate user sessions upon user logout or any other organization or policy-defined session termination events, such as idle time limit exceeded.
  • O112-C2-018300 - The DBMS must take needed steps to protect data at rest and ensure confidentiality and integrity of application data.

Removed
  • O112-BP-021400 - Fixed user and public database links must be authorized for use - 'DB Links'
  • O112-BP-021400 - Fixed user and public database links must be authorized for use - 'repcatlog count = 0'
  • O112-BP-021600 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device - V$LOG count
  • O112-BP-021600 - A minimum of two Oracle redo log groups/files must be defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device - V$LOG members count
  • O112-BP-023100 - Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions - MAX_JOB_SLAVE_PROCESSES
  • O112-BP-023100 - Database job/batch queues must be reviewed regularly to detect unauthorized database job submissions - job_queue_processes
  • O112-BP-023600 - Only authorized system accounts must have the SYSTEM tablespace specified as the default tablespace - default tablespace
  • O112-BP-023600 - Only authorized system accounts must have the SYSTEM tablespace specified as the default tablespace - non-default account records
  • O112-BP-024000 - Application object owner accounts must be disabled when not performing installation or maintenance actions - dba roles
  • O112-BP-024000 - Application object owner accounts must be disabled when not performing installation or maintenance actions - locked roles
  • O112-C2-001900 - The DBMS must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts - Profile list
  • O112-C2-001900 - The DBMS must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts - User Profile assignment
  • O112-C2-001900 - The DBMS must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts - User not assigned the default
  • O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy - Role Table SELECT
  • O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy - Role assignments to users
  • O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy - User Table SELECT
  • O112-C2-002700 - The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy - User role listing
  • O112-C2-009300 - The DBMS must protect audit information from any type of unauthorized access - 'DBA_COL_PRIVS'
  • O112-C2-009300 - The DBMS must protect audit information from any type of unauthorized access - 'DBA_TAB_PRIVS'
  • O112-C2-009400 - The DBMS must protect audit information from unauthorized modification - 'DBA_COL_PRIVS'
  • O112-C2-009400 - The DBMS must protect audit information from unauthorized modification - 'DBA_TAB_PRIVS'
  • O112-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed - 'BI User'
  • O112-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed - 'HR User'
  • O112-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed - 'IX User'
  • O112-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed - 'OE User'
  • O112-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed - 'PM User'
  • O112-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed - 'SCOTT User'
  • O112-C2-011500 - Default demonstration and sample databases, database objects, and applications must be removed - 'SH User'
  • O112-C2-014000 - The DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations - PASSWORD_REUSE_MAX >= 5
  • O112-C2-014000 - The DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations - PASSWORD_REUSE_TIME >= 5
  • O112-C2-017600 - The DBMS must terminate user sessions upon user logout or any other organization or policy-defined session termination events, such as idle time limit exceeded - CONNECT_TIME
  • O112-C2-017600 - The DBMS must terminate user sessions upon user logout or any other organization or policy-defined session termination events, such as idle time limit exceeded - IDLE_TIME
  • O112-C2-017600 - The DBMS must terminate user sessions upon user logout or any other organization or policy-defined session termination events, such as idle time limit exceeded - SESSIONS_PER_USER
  • O112-C2-018300 - The DBMS must take needed steps to protect data at rest and ensure confidentiality and integrity of application data - encrypted columns
  • O112-C2-018300 - The DBMS must take needed steps to protect data at rest and ensure confidentiality and integrity of application data - encrypted tablespace
  • O112-C2-018300 - The DBMS must take needed steps to protect data at rest and ensure confidentiality and integrity of application data - tablespace encryption algorithm