Audit records should include the reason for blacklisting or disabling DBMS connections or accounts.

From Oracle Database 11g Instance STIG

Part of DBMS connection block audit

SV-24976r1_rule Audit records should include the reason for blacklisting or disabling DBMS connections or accounts.

Vulnerability discussion

Records of any disabling or locking of account actions taken by the DBMS can contain information valuable to decisions to employ additional responsive actions.

Check content

Review audit settings for disabling or locking account events based on event failures. If the settings are not configured to include the cause of the lock or disabling, this is a Finding.

Fix text

Determine and implement audit settings that will collect and store the cause of any DBMS account or connection lock or disabling actions taken by the DBMS.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer