From Oracle Database 12c Security Technical Implementation Guide
Part of SRG-APP-000140-DB-000033
Associated with: CCI-000366
Applications that provide remote access to information systems must be able to enforce remote access policy requirements or work in conjunction with enterprise tools designed to enforce policy requirements. Examples of policy requirements include, but are not limited to, authorizing remote access to the information system, limiting access based on authentication credentials, and monitoring for unauthorized access.
Review organization's access control policies and procedures addressing remote access to the information system. If remote connections are not allowed by the organization, this is NA. (Note that "remote" means "from outside the DoD Information Network (DoDIN)" and that connections via approved Virtual Private Networks (VPNs) are considered to be inside the DoDIN.) Review the DBMS, OS, and/or enterprise account management settings to verify access controls and auditing settings exist and they enforce the requirements for remote access defined by the organization. If access controls and auditing do not exist or do not fully enforce the requirements defined in the organization's policies and procedures, this is a finding.
Configure DBMS settings to ensure access control and auditing requirements for remote connections are enforced by the DBMS.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer