Oracle Database 12c Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The DBMS must support the disabling of network protocols deemed by the organization to be nonsecure.
This requirement is related to remote access, but more specifically to the networking protocols allowing systems to communicate. Remote access is any access to an organizational information system ...Rule Medium Severity -
The DBMS must provide a mechanism to automatically remove or disable temporary user accounts after 72 hours.
Temporary application accounts could ostensibly be used in the event of a vendor support visit where a support representative requires a temporary unique account in order to perform diagnostic test...Rule Medium Severity -
A single database connection configuration file must not be used to configure all database clients.
Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also...Rule Medium Severity -
Administrative privileges must be assigned to database accounts via database roles.
Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also...Rule Medium Severity -
The DBMS must verify account lockouts persist until reset by an administrator.
Anytime an authentication method is exposed, to allow for the utilization of an application, there is a risk that attempts will be made to obtain unauthorized access. To defeat these attempts, org...Rule Medium Severity -
The DBMS must set the maximum number of consecutive invalid logon attempts to three.
Anytime an authentication method is exposed, to allow for the utilization of an application, there is a risk that attempts will be made to obtain unauthorized access. To defeat these attempts, or...Rule Medium Severity -
Databases utilizing Discretionary Access Control (DAC) must enforce a policy that limits propagation of access rights.
Discretionary Access Control (DAC) is based on the premise that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in whic...Rule Medium Severity -
A DBMS utilizing Discretionary Access Control (DAC) must enforce a policy that includes or excludes access to the granularity of a single user.
DAC is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ow...Rule Medium Severity -
The DBMS must support enforcement of logical access restrictions associated with changes to the DBMS configuration and to the database itself.
When dealing with access restrictions pertaining to change control, it should be noted any changes to the hardware, software, and/or firmware components of the information system and/or application...Rule Medium Severity -
Database backup procedures must be defined, documented, and implemented.
Information system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by information system and/or application users. In order to as...Rule Medium Severity -
DBMS backup and restoration files must be protected from unauthorized access.
Information system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by information system and/or application users. In order to as...Rule Medium Severity -
The DBMS must ensure users are authenticated with an individual authenticator prior to using a shared authenticator.
To assure individual accountability and prevent unauthorized access, application users (and any processes acting on behalf of users) must be individually identified and authenticated. A shared aut...Rule Medium Severity -
The DBMS must support organizational requirements to enforce minimum password length.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. To meet password policy requirements, passwords need to...Rule Medium Severity -
The DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. To meet password policy requirements, passwords need to...Rule Medium Severity -
The DBMS must support organizational requirements to enforce password complexity by the number of lowercase characters used.
Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determi...Rule Medium Severity -
The DBMS must support organizational requirements to enforce password complexity by the number of special characters used.
Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determi...Rule Medium Severity -
The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed.
Passwords need to be changed at specific policy-based intervals. If the information system or application allows the user to consecutively reuse extensive portions of their password when they chan...Rule Medium Severity -
Procedures for establishing temporary passwords that meet DOD password requirements for new accounts must be defined, documented, and implemented.
Password maximum lifetime is the maximum period of time, (typically in days) a user's password may be in effect before the user is forced to change it. Passwords need to be changed at specific po...Rule Medium Severity -
DBMS passwords must not be stored in compiled, encoded, or encrypted batch jobs or compiled, encoded, or encrypted application source code.
Password maximum lifetime is the maximum period of time, (typically in days) a user's password may be in effect before the user is forced to change it. Passwords need to be changed at specific po...Rule Medium Severity -
The DBMS must terminate the network connection associated with a communications session at the end of the session or 15 minutes of inactivity.
Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network...Rule Medium Severity -
The DBMS must protect against or limit the effects of organization-defined types of Denial of Service (DoS) attacks.
A variety of technologies exist to limit, or in some cases, eliminate the effects of DoS attacks. For example, boundary protection devices can filter certain types of packets to protect devices on ...Rule Medium Severity -
Oracle Database must off-load audit data to a separate log management facility; this must be continuous and in near-real-time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. T...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.