DG0069-ORACLE11 - Procedures and restrictions for import of production data to development databases should be documented, implemented and followed.

Information

Data export from production databases may include sensitive data. Application developers may not be cleared for or have need-to-know to sensitive data. Any access they may have to production data would be considered unauthorized access and subject the sensitive data to unlawful or unauthorized disclosure.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop, document and implement policy and procedures that provide restrictions for production data export.

Require users and administrators assigned privileges that allow the export of production data from a production database to acknowledge understanding of export restrictions.

Restrict permissions allowing use or access to database export procedures or functions to authorized users.

Ensure sensitive data from production is sanitized prior to import to a development database (See check DG0076).

Grant access and need-to-know to developers where allowed by policy.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24645r1_rule, STIG-ID|DG0069-ORACLE11, Vuln-ID|V-15140

Plugin: Windows

Control ID: 0dccfe75ddeddd8cd2849088e0e4df5b639382449acc73d115334e0cfdf846df