The DBMS must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

From Database Security Requirements Guide

Part of SRG-APP-000225-DB-000153

Associated with: CCI-001190

SV-42865r3_rule The DBMS must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

Vulnerability discussion

Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Failure to a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to system resources. Systems that fail suddenly and with no incorporated failure state planning may leave the hosting system available but with a reduced security protection capability. Preserving information system state data also facilitates system restart and return to the operational mode of the organization with less disruption of mission/business processes. Databases must fail to a known consistent state. Transactions must be successfully completed or rolled back.In general, security mechanisms should be designed so that a failure will follow the same execution path as disallowing the operation. For example, application security methods, such as isAuthorized(), isAuthenticated(), and validate(), should all return false if there is an exception during processing. If security controls can throw exceptions, they must be very clear about exactly what that condition means. Abort refers to stopping a program or function before it has finished naturally. The term abort refers to both requested and unexpected terminations.

Check content

Check DBMS settings and vendor documentation to verify the DBMS properly handles transactions in the event of a system failure. If open transactions are not rolled back to a consistent state during system failure, this is a finding. The consistent state must include a security configuration that is at least as restrictive as before the system failure. If this is not guaranteed, this is a finding.

Fix text

Configure DBMS settings so that, in the event of a system failure, the DBMS will roll back open transactions to a consistent state, to include a security configuration that is at least as restrictive as before the system failure.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer