Connections by mid-tier web and application systems to the Oracle DBMS from a DMZ or external network must be encrypted.
An XCCDF Rule
Description
<VulnDiscussion>Multi-tier systems may be configured with the database and connecting middle-tier system located on an internal network, with the database located on an internal network behind a firewall and the middle-tier system located in a DMZ. In cases where either or both systems are located in the DMZ (or on networks external to DoD), network communications between the systems must be encrypted.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-219713r879887_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure communications between the DBMS and remote applications/application servers to use DoD-approved encryption.