Oracle Database 12c Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The DBMS must limit the number of concurrent sessions for each system account to an organization-defined number of sessions.
<VulnDiscussion>Application management includes the ability to control the number of users and user sessions utilizing an application. Limiti...Rule Medium Severity -
SRG-APP-000023-DB-000001
<GroupDescription></GroupDescription>Group -
The system must employ automated mechanisms for supporting Oracle user account management.
<VulnDiscussion>A comprehensive application account management process that includes automation helps to ensure accounts designated as requir...Rule High Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy.
<VulnDiscussion>Strong access controls are critical to securing application data. Access control policies (e.g., identity-based policies, rol...Rule High Severity -
SRG-APP-000089-DB-000064
<GroupDescription></GroupDescription>Group -
The DBMS must provide audit record generation capability for organization-defined auditable events within the database.
<VulnDiscussion>Audit records can be generated from various components within the information system. (e.g., network interface, hard disk, mo...Rule Medium Severity -
SRG-APP-000090-DB-000065
<GroupDescription></GroupDescription>Group -
SRG-APP-000122-DB-000203
<GroupDescription></GroupDescription>Group -
The DBMS must allow designated organizational personnel to select which auditable events are to be audited by the database.
<VulnDiscussion>The list of audited events is the set of events for which audits are to be generated. This set of events is typically a subse...Rule Medium Severity -
SRG-APP-000091-DB-000066
<GroupDescription></GroupDescription>Group -
The DBMS must generate audit records for the DoD-selected list of auditable events, to the extent such information is available.
<VulnDiscussion>Audit records can be generated from various components within the information system, such as network interfaces, hard disks,...Rule Medium Severity -
SRG-APP-000095-DB-000039
<GroupDescription></GroupDescription>Group -
The DBMS must produce audit records containing sufficient information to establish what type of events occurred.
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary...Rule Medium Severity -
SRG-APP-000096-DB-000040
<GroupDescription></GroupDescription>Group -
The DBMS must produce audit records containing sufficient information to establish when (date and time) the events occurred.
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary...Rule Medium Severity -
SRG-APP-000097-DB-000041
<GroupDescription></GroupDescription>Group -
The DBMS must produce audit records containing sufficient information to establish where the events occurred.
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary...Rule Medium Severity -
The DBMS must produce audit records containing sufficient information to establish the sources (origins) of the events.
<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary...Rule Medium Severity -
SRG-APP-000099-DB-000043
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.