Oracle Database 11.2g Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
Non-organizational users include all information system users other than organizational users which include organizational employees or individuals the organization deems to have equivalent status ...Rule Medium Severity -
The DBMS must separate user functionality (including user interface services) from database management functionality.
Information system management functionality includes functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The ...Rule Medium Severity -
Vendor-supported software must be evaluated and patched against newly found vulnerabilities.
Security faults with software applications and operating systems are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabiliti...Rule High Severity -
DBMS default accounts must be assigned custom passwords.
Password maximum lifetime is the maximum period of time, (typically in days) a user's password may be in effect before the user is forced to change it. Passwords need to be changed at specific po...Rule High Severity -
The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures.
Preventing the disclosure of transmitted information requires that applications take measures to employ some form of cryptographic mechanism in order to protect the information during transmission....Rule High Severity -
The DBMS must enforce Discretionary Access Control (DAC) policy allowing users to specify and control sharing by named individuals, groups of individuals, or by both, limiting propagation of access rights and includes or excludes access to the granularity of a single user.
Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mechanisms (e.g., access control lists, access control matrices, crypto...Rule Medium Severity -
The DBMS must be protected from unauthorized access by developers on shared production/development host systems.
Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also...Rule Medium Severity -
Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information.
This requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of role is intended to address those situations where an access control polic...Rule Medium Severity -
The DBA role must not be assigned excessive or unauthorized privileges.
This requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of role is intended to address those situations where an access control polic...Rule Medium Severity -
OS accounts utilized to run external procedures called by the DBMS must have limited privileges.
This requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of role is intended to address those situations where an access control polic...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.