Details
The DBMS security configuration may be altered either intentionally or unintentionally over time. The DBMS may also be the subject of published vulnerabilities that require the installation of a security patch or a reconfiguration to mitigate the vulnerability. If the DBMS is not monitored for required or unintentional changes that render it not compliant with requirements, then it can be vulnerable to attack or compromise.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Develop, document and implement procedures for periodic testing of the DBMS for current vulnerability management and security configuration compliance as stated in the check.
Coordinate 3rd-party validation testing for Classified systems.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Risk Assessment.This control applies to the following type of system Windows.
References
- 800-53|RA-5
- CAT|III
- Rule-ID|SV-24678r1_rule
- STIG-ID|DG0088-ORACLE11
- Vuln-ID|V-15112