2.3.5 Review Undocumented (Underscore) Parameters Not Set To 'DEFAULT' Values

Information

Oracle allows the use of undocumented (also known as hidden) parameters, which are primarily intended for internal or diagnostic purposes. Undocumented parameter values should not be set or changed from their default values, unless explicitly instructed by Oracle Support for internal or diagnostic purposes.

As not documented, the impact of these parameters is unknown or unpredictable. Reviewing such parameters ensures that they are not inadvertently affecting database operation, security, stability, or performance. They must be reviewed carefully to avoid unintended consequences, compliance violations, or operational issues.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To remediate this setting, execute the following SQL statement and restart the instance if required.

ALTER SYSTEM SET <undocumented_parameter>=<Default value> SCOPE=SPFILE;

See Also

https://workbench.cisecurity.org/benchmarks/16474

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: OracleDB

Control ID: 164841de38a115d300fee94ff789b6ad3489791e853b6a03127c9d788309ffe7