Details

Regular and timely reviews of audit records increases the likelihood of early discovery of suspicious activity. Discovery of suspicious behavior can in turn trigger protection responses to minimize or eliminate a negative impact from malicious activity. Use of unauthorized application to access the DBMS may indicate an attempt to bypass security controls.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Document applications authorized to access the DBMS in the System Security Plan.

Develop, document and implement a process to review log and trace files or the results from any alternate methods used to support database access auditing to detect connections from unauthorized applications.

Include in this process a method to generate and provide evidence of monitoring.

This may include automated or manual processes acknowledged by the auditor or IAO.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Windows.

References

• 800-53|AU-6
• CAT|III
• Rule-ID|SV-24630r1_rule
• STIG-ID|DG0054-ORACLE11
• Vuln-ID|V-15611

Source

• Tenable.com/audits