OpenControls Logo

STIG Viewer

Use of the Oracle Database installation account must be logged.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-270537O19C-00-010700SV-270537r1064889_ruleCCI-000366medium
Description
The database management system (DBMS) installation account may be used by any authorized user to perform DBMS installation or maintenance. Without logging, accountability for actions attributed to the account is lost.
STIGDate
Oracle Database 19c Security Technical Implementation Guide2025-06-24

Related Frameworks

4 paths across 3 frameworks
NIST 800-531 mapping
CM-6
1.00
  • DISA · 1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
  • DISA · 1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
  • DISA · 1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
  • DISA · 1 · disa_xccdf · related

Details

Check Text (C-270537r1064889_chk)

Review documented and implemented procedures for monitoring the use of the DBMS software installation account in the system documentation. If use of this account is not monitored or procedures for monitoring its use do not exist or are incomplete, this is a finding. Note: On Windows systems, the Oracle DBMS software is installed using an account with administrator privileges. Ownership should be reassigned to a dedicated OS account used to operate the DBMS software. If monitoring does not include all accounts with administrator privileges on the DBMS host, this is a finding.

Fix Text (F-74471r1064888_fix)

Develop, document, and implement a logging procedure for use of the DBMS software installation account that provides accountability to individuals for any actions taken by the account. Host system audit logs should be included in the DBMS account usage log along with an indication of the person who accessed the account and an explanation for the access. Ensure all accounts with administrator privileges are monitored for DBMS host on Windows OS platforms.