Skip to content

Connections by mid-tier web and application systems to the Oracle DBMS from a DMZ or external network must be encrypted.

An XCCDF Rule

Description

<VulnDiscussion>Multi-tier systems may be configured with the database and connecting middle-tier system located on an internal network, with the database located on an internal network behind a firewall and the middle-tier system located in a DMZ. In cases where either or both systems are located in the DMZ (or on networks external to DoD), network communications between the systems must be encrypted.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-219713r879887_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure communications between the DBMS and remote applications/application servers to use DoD-approved encryption.