From Oracle Database 11g Instance STIG
Part of Oracle default account access
The Oracle SYS account has all database privileges assigned to it (SYSDBA). This account is used to manage the database availability status (startup and shutdown). The SYS account is used by any DBMS account that connects to the database with SYSDBA privileges. Direct use of the SYS account does not provide a level of individual accountability for actions taken during its use and does not provide individual accountability. To preserve accountability, direct access to the SYS account should be logged manually and its use monitored closely.
Review the policy and procedures for use of the Oracle default accounts including direct use of the Oracle SYS and SYSTEM accounts with the IAO and DBA. If a policy does not exist for their use, this is a Finding. If procedures, automated or manual, for logging default account use are not defined or implemented, this is a Finding. If monitoring use of default accounts do not exist or is not implemented, this is a Finding.
Design, document and implement policy and procedures for use, logging and monitoring of Oracle default accounts in the System Security Plan. Ensure those granted access to the accounts are aware of the accounts and the policies and procedures for them.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer