Skip to content
Log In

Oracle Database 11.2g Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The DBMS must protect against an individual using a group account from falsely denying having performed a particular action.

    Non-repudiation of actions taken is required in order to maintain application integrity. Examples of particular actions taken by individuals include creating information, sending a message, approvi...
    Rule Low Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS.

    This requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of role is intended to address those situations where an access control polic...
    Rule High Severity
    Show

  • SRG-APP-000456-DB-000390

    Group
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000441-DB-000378

    Group
    Show

  • SRG-APP-000142-DB-000094

    Group
    Show

  • The DBMS must support the disabling of network protocols deemed by the organization to be non-secure.

    This requirement is related to remote access, but more specifically to the networking protocols allowing systems to communicate. Remote access is any access to an organizational information system ...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • The DBMS must provide a mechanism to automatically identify accounts designated as temporary or emergency accounts.

    Temporary application accounts could be used in the event of a vendor support visit where a support representative requires a temporary unique account in order to perform diagnostic testing or cond...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • The DBMS must provide a mechanism to automatically terminate accounts designated as temporary or emergency accounts after an organization-defined time period.

    Temporary application accounts could ostensibly be used in the event of a vendor support visit where a support representative requires a temporary unique account in order to perform diagnostic test...
    Rule Medium Severity
    Show

  • SRG-APP-000328-DB-000301

    Group
    Show

  • SRG-APP-000033-DB-000084

    Group
    Show

  • The DBMS must restrict grants to sensitive information to authorized user roles.

    Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • A single database connection configuration file must not be used to configure all database clients.

    Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also...
    Rule Medium Severity
    Show

  • SRG-APP-000133-DB-000362

    Group
    Show

  • The DBMS must be protected from unauthorized access by developers.

    Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000243-DB-000374

    Group
    Show

  • The DBMS must restrict access to system tables and other configuration information or metadata to DBAs or other authorized users.

    Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also...
    Rule Medium Severity
    Show

  • SRG-APP-000133-DB-000362

    Group
    Show

  • Administrative privileges must be assigned to database accounts via database roles.

    Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also...
    Rule Medium Severity
    Show

  • SRG-APP-000233-DB-000124

    Group
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000141-DB-000093

    Group
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • The DBMS must specify an account lockout duration that is greater than or equal to the organization-approved minimum.

    Anytime an authentication method is exposed, to allow for the utilization of an application, there is a risk that attempts will be made to obtain unauthorized access. To defeat these attempts, org...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000328-DB-000301

    Group
    Show

  • SRG-APP-000328-DB-000301

    Group
    Show

  • A DBMS utilizing Discretionary Access Control (DAC) must enforce a policy that includes or excludes access to the granularity of a single user.

    DAC is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ow...
    Rule Medium Severity
    Show

  • SRG-APP-000359-DB-000319

    Group
    Show

  • SRG-APP-000360-DB-000320

    Group
    Show

  • SRG-APP-000380-DB-000360

    Group
    Show

  • The DBMS must support enforcement of logical access restrictions associated with changes to the DBMS configuration and to the database itself.

    When dealing with access restrictions pertaining to change control, it should be noted any changes to the hardware, software, and/or firmware components of the information system and/or application...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • Database recovery procedures must be developed, documented, implemented, and periodically tested.

    Information system backup is a critical step in maintaining data assurance and availability. User-level information is data generated by information system and/or application users. In order to a...
    Rule Medium Severity
    Show

  • SRG-APP-000243-DB-000374

    Group
    Show

  • SRG-APP-000023-DB-000001

    Group
    Show

  • The DBMS must use multifactor authentication for access to user accounts.

    Multifactor authentication is defined as using two or more factors to achieve authentication. Factors include: (i) Something a user knows (e.g., password/PIN); (ii) Something a user has (e.g., c...
    Rule High Severity
    Show

  • SRG-APP-000148-DB-000103

    Group
    Show

  • The DBMS must ensure users are authenticated with an individual authenticator prior to using a group authenticator.

    To assure individual accountability and prevent unauthorized access, application users (and any processes acting on behalf of users) must be individually identified and authenticated. A group au...
    Rule Medium Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • SRG-APP-000164-DB-000401

    Group
    Show

  • SRG-APP-000164-DB-000401

    Group
    Show

  • The DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations.

    Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. To meet password policy requirements, passwords need t...
    Rule Medium Severity
    Show

  • SRG-APP-000164-DB-000401

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules