Details

Updates and patches to existing software have the intention of improving the security or enhancing or adding features to the product. However, it is unfortunately common that updates or patches can render production systems inoperable or even introduce serious vulnerabilities. Some updates also set security configurations back to unacceptable settings that do not meet security requirements. For these reasons, it is a good practice to test updates and patches offline before introducing them in a production environment.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Develop, document and implement procedures for testing DBMS installations, upgrades and patches prior to deployment on production systems.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-3
• CAT|II
• Rule-ID|SV-24691r1_rule
• STIG-ID|DG0097-ORACLE11
• Vuln-ID|V-15139

Source

• Tenable.com/audits