O121-BP-021200 - Access to default accounts used to support replication must be restricted to authorized DBAs.

Information

Replication database accounts are used for database connections between databases. Replication requires the configuration of these accounts using the same username and password on all databases participating in the replication. Replication connections use fixed user database links. This means that access to the replication account on one server provides access to the other servers participating in the replication. Granting unauthorized access to the replication account provides unauthorized and privileged access to all databases participating in the replication group.

Solution

Change the password for default and custom replication accounts and provide the password to ISSO-authorized users only.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_12c_V2R9_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-219824r879887_rule, STIG-ID|O121-BP-021200, STIG-Legacy|SV-75901, STIG-Legacy|V-61411, Vuln-ID|V-219824

Plugin: OracleDB

Control ID: d89959f82ce8573a25e06fb076a46977c5dd6769383071d84477525bb679b9d3