Oracle Database 12c Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Oracle Database must map the PKI-authenticated identity to an associated user account.
The DOD standard for authentication is DOD-approved PKI certificates. Once a PKI certificate has been validated, it must be mapped to a DBMS user account for the authenticated identity to be meanin...
Rule Medium Severity
SRG-APP-000179-DB-000114
Group
SRG-APP-000220-DB-000149
Group
The DBMS must terminate user sessions upon user logoff or any other organization or policy-defined session termination events, such as idle time limit exceeded.
This requirement focuses on communications protection at the application session, versus network packet, level. Session IDs are tokens generated by web applications to uniquely identify an applica...
Rule Medium Severity
SRG-APP-000226-DB-000147
Group
SRG-APP-000231-DB-000154
Group
SRG-APP-000233-DB-000124
Group
SRG-APP-000243-DB-000128
Group
SRG-APP-000251-DB-000160
Group
The DBMS must check the validity of data inputs.
Invalid user input occurs when a user inserts data or characters into an application's data entry fields and the application is unprepared to process that data. This results in unanticipated applic...
Rule Medium Severity
SRG-APP-000266-DB-000162
Group
SRG-APP-000267-DB-000163
Group
The DBMS must restrict error messages so only authorized personnel may view them.
If the application provides too much information in error logs and administrative messages to the screen, this could lead to compromise. The structure and content of error messages need to be caref...
Rule Medium Severity
SRG-APP-000178-DB-000083
Group
Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
To prevent the compromise of authentication information, such as passwords, during the authentication process, the feedback from the information system shall not provide any information that would ...
Rule High Severity
SRG-APP-000178-DB-000083
Group
When using command-line tools such as Oracle SQL*Plus, which can accept a plain-text password, users must use an alternative logon method that does not expose the password.
The SRG states: "To prevent the compromise of authentication information, such as passwords, during the authentication process, the feedback from the information system shall not provide any infor...
Rule High Severity
SRG-APP-000109-DB-000049
Group
The DBMS must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
In order to ensure sufficient storage capacity for the audit logs, the DBMS must be able to allocate audit record storage capacity. Although another requirement (SRG-APP-000515-DB-000318) mandates ...
Rule Medium Severity
SRG-APP-000133-DB-000179
Group