Oracle Database 11.2g Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Rule (Medium Severity): The DBMS must have the capability to limit the number of failed login attempts based upon an organization-defined number of consecutive invalid attempts occurring within an organization-defined time period.
Anytime an authentication method is exposed, to allow for the utilization of an application, there is a risk that attempts will be made to obtain unauthorized access. To defeat these attempts, o...
Rule (Medium Severity): Databases utilizing Discretionary Access Control (DAC) must enforce a policy that limits propagation of access rights.
Discretionary Access Control (DAC) is based on the premise that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in whic...
Rule (Medium Severity): The DBMS itself, or the logging or alerting mechanism the application utilizes, must provide a warning when allocated audit record storage volume reaches an organization-defined percentage of maximum audit record storage capacity.
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include: software/hardware errors, failures ...
Rule (Medium Severity): The DBMS must provide a real-time alert when organization-defined audit failure events occur.
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Audit processing failures include: software/hardware errors, failures ...
Rule (Medium Severity): Database backup procedures must be defined, documented, and implemented.
Information system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by information system and/or application users. In order to a...
Rule (Medium Severity): DBMS backup and restoration files must be protected from unauthorized access.
Information system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by information system and/or application users. In order to a...
Rule (Medium Severity): The DBMS must disable user accounts after 35 days of inactivity.
Attackers that are able to exploit an inactive DBMS account can potentially obtain and maintain undetected access to the database. Owners of inactive DBMS accounts will not notice if unauthorized...
Rule (Medium Severity): The DBMS must support organizational requirements to enforce minimum password length.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. To meet password policy requirements, passwords need t...
Rule (Medium Severity): The DBMS must support organizational requirements to enforce password complexity by the number of lower-case characters used.
Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determ...
Rule (Medium Severity): The DBMS must support organizational requirements to enforce password complexity by the number of special characters used.
Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determ...
Rule (Medium Severity): The DBMS must enforce password maximum lifetime restrictions.
Password maximum lifetime is the maximum period of time (typically in days) a user's password may be in effect before the user is forced to change it. Passwords need to be changed at specific pol...
Rule (Medium Severity): The DBMS must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
Use of cryptography to provide confidentiality and non-repudiation is not effective unless strong methods are employed. Many earlier encryption methods and modules have been broken and/or overtaken...
Rule (Medium Severity): The DBMS must support taking organization-defined list of least disruptive actions to terminate suspicious events.
System availability is a key tenet of system security. Organizations need to have the flexibility to be able to define the automated actions taken in response to an identified incident. This includ...
Group: SRG-APP-000516-DB-000363
Rule (Medium Severity): Access to default accounts used to support replication must be restricted to authorized DBAs.
Replication database accounts are used for database connections between databases. Replication requires the configuration of these accounts using the same username and password on all databases par...
Group: SRG-APP-000516-DB-000363
Rule (Medium Severity): Oracle instance names must not contain Oracle version numbers.
Service names may be discovered by unauthenticated users. If the service name includes version numbers or other database product information, a malicious user may use that information to develop a ...