| 1.135 RHEL-09-232135 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'DBA user group members' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DG0012-ORACLE11 - Database software directories including DBMS configuration files are stored in dedicated directories separate from the host OS and other applications - 'ORACLE_BASE environment variable set' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '$ORACLE_HOME/network/admin/sqlnet.ora SSL_CIPHER_SUITES is configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0040-ORACLE11 - The DBMS software installation account should be restricted to authorized users - '$ORACLE_BASE owner, group and permissions are configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0060-ORACLE11 - All database non-interactive, n-tier connection, and shared accounts that exist should be documented and approved by the IAO. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DG0070-ORACLE11 - Unauthorized user accounts should not exist. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DG0077-ORACLE11 - Production databases should be protected from unauthorized access by developers on shared production/development host systems. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DG0085-ORACLE11 - The DBA role should not be assigned excessive or unauthorized privileges. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DG0098-ORACLE11 - Access to external objects should be disabled if not required and authorized - 'utl_file_dir does not include *' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\hs\admin\extproc.ora SET EXTPROC_DLLS contains only valid paths' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/network/admin/listener.ora PROGRAM=EXTPROC does not exist' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '$ORACLE_HOME/rdbms/admin/externaljob.ora SET EXTPROC_DLLS path' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0109-ORACLE11 - The DBMS should not be operated without authorization on a host system supporting other application services - 'W3SVC, FTPSVC, DNS and DHCPServer services are not running' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0110-ORACLE11 - The DBMS should not share a host supporting an independent security service. | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| DG0112-ORACLE11 - DBMS system data files should be stored in dedicated disk directories. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DG0117-ORACLE11 - Administrative privileges should be assigned to database accounts via database roles. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DG0187-ORACLE11 - DBMS software libraries should be periodically backed up - '$ORACLE_HOME files are being backed up' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONTINGENCY PLANNING |
| DG0191-ORACLE11 - Credentials used to access remote databases should be protected by encryption and restricted to authorized users - '$ORACLE_HOME/network/admin/sqlnet.ora WALLET_LOCATION does not exist' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | IDENTIFICATION AND AUTHENTICATION |
| DO0190-ORACLE11 - The audit table should be owned by SYS or SYSTEM - 'Audit table owner = SYS or SYSTEM' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA SQLNET.INBOUND_CONNECT_TIMEOUT > 0' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '$ORACLE_HOME/network/admin/sqlnet.ora SQLNET.INBOUND_CONNECT_TIMEOUT = 0' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DO0320-ORACLE11 - Application role permissions should not be assigned to the Oracle PUBLIC role - 'PUBLIC role has no granted roles' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DO0340-ORACLE11 - Oracle application administration roles should be disabled if not required and authorized. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| DO0350-ORACLE11 - Oracle system privileges should not be directly assigned to unauthorized accounts. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DO3536-ORACLE11 - The IDLE_TIME profile parameter should be set for Oracle profiles IAW DoD policy - 'Non-default profile IDLE_TIME < 15 minutes' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | CONFIGURATION MANAGEMENT |
| DO3609-ORACLE11 - System privileges granted using the WITH ADMIN OPTION should not be granted to unauthorized user accounts - 'No accounts granted with admin option exist' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DO3610-ORACLE11 - Required object auditing should be configured - 'all_def_audit_opts count <> 0' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DO3610-ORACLE11 - Required object auditing should be configured - 'Auditing for update and delete is enabled' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| DO3612-ORACLE11 - System Privileges should not be granted to PUBLIC - 'No system privileges granted to PUBLIC' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DO3689-ORACLE11 - Object permissions granted to PUBLIC should be restricted. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA LOG_DIRECTORY_SERVER is configured' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DO5037-ORACLE11 - Oracle SQLNet and listener log files should not be accessible to unauthorized users - 'LOG_DIRECTORY_{listener} is configured' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DTBI015 - The IE warning about certificate address mismatch must be enforced. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTBI596 - Internet Explorer Processes for MIME sniffing must be enforced (Explorer). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTBI870 - Launching programs and unsafe files property must be set to prompt (Restricted Site zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTBI920 - .NET Framework-reliant components not signed with Authenticode must be disallowed to run (Internet Zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WI6020 IIS6 - The Recycle Worker processes in minutes monitor must be set properly. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6024 IIS6 - The maximum virtual memory monitor must be enabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6026 IIS6 - The maximum used memory monitor must be enabled. | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WI6084 IIS6 - The FavorUTF8 registry key must be set properly. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WA000-WI6090 IIS6 - The UrlSegmentMaxLength registry entry must be set properly. | DISA STIG IIS 6.0 Server v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - test-cgi | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WWA056 A22 - The MultiViews directive must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WA000-WWA058 W22 - Directory indexing must be disabled on directories not containing index files. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA000-WWA064 W22 - The HTTP request header field size must be limited. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WA00510 W22 - Web server status module must be disabled. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | ACCESS CONTROL |
| WG080 IIS6 - A compiler must not be installed on a production web server. - 'javac.exe search' | DISA STIG IIS 6.0 Server v6r16 | Windows | CONFIGURATION MANAGEMENT |
| WG345 A22 - The web server must remove all export ciphers from the cipher suite. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG370 A22 - MIME types for csh or sh shell programs must be disabled - Action | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |