DG0102-ORACLE11 - DBMS processes or services should run under custom, dedicated OS accounts - 'Oracle Services are running under dedicated service accounts'


Shared accounts do not provide separation of duties nor allow for assignment of least privileges for use by database processes and services. Without separation and least privilege, the exploit of one service or process is more likely to be able to compromise another or all other services.


On UNIX Systems:

Ensure the Oracle Owner account is used for all Oracle processes.

The Oracle SNMP agent (Intelligent or Management Agent) is required (by Oracle Corp per MetaLink Note 548928.1) to use the Oracle Process owner account.

On Windows Systems:

Create and assign a dedicated Oracle Windows OS account for all Oracle processes.

See Also


Item Details


References: 800-53|AC-5, 800-53|AC-6, CAT|II, Rule-ID|SV-24702r2_rule, STIG-ID|DG0102-ORACLE11, Vuln-ID|V-15141

Plugin: Windows

Control ID: abd68f32cd7c9c97a788c2bdd7f4aa54ca20141b5e878a45f6ae8d8973c39051