IBM DB2 V10.5 LUW Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Access to external executables must be disabled or restricted.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity -
SRG-APP-000142-DB-000094
<GroupDescription></GroupDescription>Group -
DB2 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
<VulnDiscussion>In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e....Rule Medium Severity -
SRG-APP-000172-DB-000075
<GroupDescription></GroupDescription>Group -
If passwords are used for authentication, DB2 must transmit only encrypted representations of passwords.
<VulnDiscussion>The DoD standard for authentication is DoD-approved PKI certificates. Authentication based on User ID and Password may be us...Rule Medium Severity -
SRG-APP-000178-DB-000083
<GroupDescription></GroupDescription>Group -
SRG-APP-000178-DB-000083
<GroupDescription></GroupDescription>Group -
SRG-APP-000495-DB-000328
<GroupDescription></GroupDescription>Group -
When using command-line tools such as db2, users must use a Connect method that does not expose the password.
<VulnDiscussion>To prevent the compromise of authentication information, such as passwords and PINs, during the authentication process, the f...Rule High Severity -
SRG-APP-000179-DB-000114
<GroupDescription></GroupDescription>Group -
DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.
<VulnDiscussion>Use of weak or not validated cryptographic algorithms undermines the purposes of utilizing encryption and digital signatures ...Rule High Severity -
SRG-APP-000211-DB-000122
<GroupDescription></GroupDescription>Group -
DB2 must separate user functionality (including user interface services) from database management functionality.
<VulnDiscussion>Information system management functionality includes functions necessary to administer databases, network components, worksta...Rule Medium Severity -
SRG-APP-000224-DB-000384
<GroupDescription></GroupDescription>Group -
DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
<VulnDiscussion>One class of man-in-the-middle, or session hijacking, attack involves the adversary guessing at valid session identifiers bas...Rule Medium Severity -
SRG-APP-000226-DB-000147
<GroupDescription></GroupDescription>Group -
Access to database files must be limited to relevant processes and to authorized, administrative users.
<VulnDiscussion>Applications, including DBMSs, must prevent unauthorized and unintended information transfer via shared system resources. Per...Rule Medium Severity -
In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.
<VulnDiscussion>Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. F...Rule Medium Severity -
SRG-APP-000231-DB-000154
<GroupDescription></GroupDescription>Group -
DB2 must protect the confidentiality and integrity of all information at rest.
<VulnDiscussion>This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.