Details

Excess privilege assignment can lead to intentional or unintentional unauthorized actions. Such actions may compromise the operation or integrity of the DBMS and its data. Monitoring assigned privileges assists in the detection of unauthorized privilege assignment. The DBA role is assigned privileges that allow DBAs to modify privileges assigned to them. Ensure that the DBA Role is monitored for any unauthorized changes.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Design, document and implement procedures for monitoring DBA role privilege assignments.

Grant the DBA role the minimum privileges required to perform administrative functions.

Establish monitoring of DBA role privileges monthly or more often.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

• 800-53|AC-2
• CAT|II
• Rule-ID|SV-24675r1_rule
• STIG-ID|DG0086-ORACLE11
• Vuln-ID|V-15106

Source

• Tenable.com/audits