Detections
Analytics
DG0154-ORACLE11 - The DBMS requires a System Security Plan containing all required information.
Information
A System Security Plan identifies security control applicability and configuration for the DBMS. It also contains security control documentation requirements. Security controls applicable to the DBMS may not be documented, tracked or followed if not identified in the System Security Plan. Any omission of security control consideration could lead to an exploit of DBMS vulnerabilities.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Develop, document and implement a System Security Plan for the DBMS.Include IA documentation related to the DBMS in the System Security Plan for the system that the DBMS supports.
Review section 3.4 - System Security Plan Overview in the ORACLE DATABASE SECURITY CHECKLIST for more information.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip
Item Details
Audit Name: DISA STIG Oracle 11 Installation v9r1 Windows
References: CAT|III, Rule-ID|SV-24437r1_rule, STIG-ID|DG0154-ORACLE11, Vuln-ID|V-15150
Plugin: Windows
Control ID: e092faaea83182e2f2cc7e1def68984409a861c0fc551216c35317f43398b8b7