The DBMS must prevent unauthorized and unintended information transfer via shared system resources.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-206573 | SRG-APP-000243-DB-000373 | SV-206573r961149_rule | CCI-001090 | medium |
| Description | ||||
| The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current user/role (or current process) that obtains access to a shared system resource (e.g., registers, main memory, secondary storage) after the resource has been released back to the information system. Control of information in shared resources is also referred to as object reuse. | ||||
| STIG | Date | |||
| Database Security Requirements Guide | 2024-12-04 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
SC-4
1.00
- DISA · 4 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.13.4
1.00
- DISA · 4 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001090
1.00
- DISA · 4 · disa_xccdf · related
Details
Check Text (C-206573r961149_chk)
Review the DBMS architecture to find out if and how it protects the private resources of one process or user (such as working memory, temporary tables, uncommitted data) from unauthorized access by another user or process.
If it does not effectively do so, this is a finding.
Fix Text (F-6833r291388_fix)
Deploy a DBMS capable of effectively protecting the private resources of one process or user from unauthorized access by another user or process.
Configure the DBMS to effectively protect the private resources of one process or user from unauthorized access by another user or process.