III - Administrative Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
The DBMS must be protected from unauthorized access by developers.
<VulnDiscussion>Applications employ the concept of least privilege for specific duties and information systems (including specific functions,...Rule Medium Severity -
SRG-APP-000516-DB-000363
<GroupDescription></GroupDescription>Group -
The DBMS must be protected from unauthorized access by developers on shared production/development host systems.
<VulnDiscussion>Applications employ the concept of least privilege for specific duties and information systems (including specific functions,...Rule Medium Severity -
SRG-APP-000243-DB-000374
<GroupDescription></GroupDescription>Group -
The DBMS must restrict access to system tables and other configuration information or metadata to DBAs or other authorized users.
<VulnDiscussion>Applications employ the concept of least privilege for specific duties and information systems (including specific functions,...Rule Medium Severity -
SRG-APP-000133-DB-000362
<GroupDescription></GroupDescription>Group -
Administrative privileges must be assigned to database accounts via database roles.
<VulnDiscussion>Applications employ the concept of least privilege for specific duties and information systems (including specific functions,...Rule Medium Severity -
SRG-APP-000233-DB-000124
<GroupDescription></GroupDescription>Group -
Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information.
<VulnDiscussion>This requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of ro...Rule Medium Severity -
SRG-APP-000516-DB-000363
<GroupDescription></GroupDescription>Group -
The DBA role must not be assigned excessive or unauthorized privileges.
<VulnDiscussion>This requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of ro...Rule Medium Severity -
SRG-APP-000141-DB-000093
<GroupDescription></GroupDescription>Group -
OS accounts utilized to run external procedures called by the DBMS must have limited privileges.
<VulnDiscussion>This requirement is intended to limit exposure due to operating from within a privileged account or role. The inclusion of ro...Rule Medium Severity -
SRG-APP-000516-DB-000363
<GroupDescription></GroupDescription>Group -
The DBMS must specify an account lockout duration that is greater than or equal to the organization-approved minimum.
<VulnDiscussion>Anytime an authentication method is exposed, to allow for the utilization of an application, there is a risk that attempts wi...Rule Medium Severity -
SRG-APP-000516-DB-000363
<GroupDescription></GroupDescription>Group -
The DBMS must have the capability to limit the number of failed login attempts based upon an organization-defined number of consecutive invalid attempts occurring within an organization-defined time period.
<VulnDiscussion>Anytime an authentication method is exposed, to allow for the utilization of an application, there is a risk that attempts w...Rule Medium Severity -
SRG-APP-000328-DB-000301
<GroupDescription></GroupDescription>Group -
Databases utilizing Discretionary Access Control (DAC) must enforce a policy that limits propagation of access rights.
<VulnDiscussion>Discretionary Access Control (DAC) is based on the premise that individual users are "owners" of objects and therefore have d...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.