8/9/2019 General DB Rules
Rule Title
The DBMS must allow all remote access to be routed through managed access control
The DBMS must support the requirement to automatically audit account creation.
The DBMS must support the requirement to automatically audit account modification.
The DBMS must automatically audit account disabling actions.
The DBMS must automatically audit account termination.
DBMS processes or services must run under custom, dedicated OS accounts.
The DBMS must restrict grants to sensitive information to authorized user roles.
The DBMS must be protected from unauthorized access by developers.
The DBMS must limit the number of concurrent sessions for each system account to an organization defined number of sessions.
A DBMS providing remote access capabilities must utilize approved cryptography to protect the confidentiality and integrity of data passing over remote access sessions.
The DBMS must ensure remote sessions that access an organization defined list of security functions and security-relevant information are audited.
The DBMS must support the organizational requirements for automatically monitoring, auditing, and alerting on abnormal usage of accounts.
The DBMS must enforce organization defined limitations on the embedding of data types within other data types.
The DBMS must support organizational requirements to implement separation of duties through assigned information access authorizations.
Non-privileged accounts must be utilized when accessing non-administrative functions
The DBA role must not be assigned excessive or unauthorized privileges.
DBMS default account names must be changed if allowed.
The DBMS must generate audit records for the selected list of auditable events.
The DBMS must restrict access to system tables and other configuration information or metadata to DBAs or other authorized users.
Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information.
OS accounts utilized to run external procedures called by the DBMS must have limited privileges.
DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS.
The DBMS must specify account lockout duration that is greater than or equal to the organization approved minimum.
The DBMS must have the capability to limit the number of failed login attempts based upon an organization defined number of consecutive invalid attempts occurring within an organization defined time period.
The DBMS must enforce the organization defined time period during which the limit of consecutive failed login attempts by a user is counted.
The DBMS, when the maximum number of unsuccessful attempts is exceeded, must automatically lock the account/node for an organization defined time period or lock the account/node until released by an administrator IAW organizational policy.
The DBMS must have allocated audit record storage capacity, and its auditing configured to reduce the likelihood of storage capacity being exceeded.
The DBMS must provide audit record generation capability for organization defined auditable events within the database.
The DBMS must allow designated organizational personnel to select which auditable events are to be audited by the database.
The DBMS must initiate session auditing upon startup of the database.
Attempts to bypass access controls must be audited.
The DBMS must provide the capability to capture, record, and log all content related to a user session.
The DBMS must produce audit records containing sufficient information to establish e… the event type of events, when, where, origin, outcome, identity of implicated user
The DBMS must be capable of taking organization defined actions upon audit failure or component failure is detected (e.g., overwrite oldest audit records, stop generating audit records, cease processing, notify of audit failure).
The DBMS must provide the capability to automatically process audit records for events of interest based upon selectable event criteria.
The DBMS must synchronize with internal operating system clocks which in turn, are synchronized on an organization defined frequency with an organization defined authoritative time source.
The DBMS must protect audit information and audit tools from any type of unauthorized access, modification, or deletion.
The DBMS must enforce requirements for remote connections to the information system
Unused database components, DBMS software, and database objects must be removed
Access to external executables must be disabled or restricted.
The DBMS must be capable of backing up user-level information per a defined frequency
Database backup procedures must be defined, documented, and implemented.
DBMS backup and restoration files must be protected from unauthorized access.
The DBMS must support the requirement to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency.
Database software directories, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.
Vendor supported software must be evaluated and patched against newly found vulnerabilities.
The OS must limit privileges to change the DBMS software resident within software libraries (including privileged programs).
Default demonstration and sample databases, database objects, and applications must be removed.
Unused database components which are integrated in the DBMS and cannot be uninstalled must be disabled.
The DBMS must support the organizational requirements to specifically prohibit or restrict the use of unauthorized/non-secure functions, ports, protocols, and/or services.
Recovery procedures and technical system features must exist to ensure recovery is done in a secure and verifiable manner.
Database recovery procedures must be developed, documented, implemented, and periodically tested.
DBMS must conduct backups of system-level information per organization defined frequency that is consistent with recovery time and recovery point objectives.
The DBMS software libraries must be periodically backed up.
The DBMS must support organizational requirements to enforce minimum password length
The DBMS must enforce password minimum lifetime restrictions.
DBMS default accounts must be assigned custom passwords.
The DBMS must enforce password maximum lifetime restrictions.
The DBMS must use approved cryptography for authentication mechanisms.
The DBMS must restrict error messages, so only authorized personnel may view them.
The DBMS must use multifactor authentication for remote network access originating outside to privileged/non-privileged accounts.
The DBMS must use organization defined replay-resistant authentication mechanisms for network access to privileged/non-privileged accounts.
The DBMS must support organizational requirements to disable user accounts after an organization defined time period of inactivity.
The DBMS must support organizational requirements to prohibit password reuse for the organization defined number of generations.
The DBMS must support organizational requirements to enforce password complexity by the number of upper case, lower case, numeric, and special characters used.
The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed.
The DBMS must support organizational requirements to enforce password encryption for storage and transmission.
DBMS passwords must not be stored in compiled, encoded, or encrypted batch jobs or compiled, encoded, or encrypted application source code.
The DBMS must support organizational requirements to encrypt information stored in the database.
The DBMS must terminate the network connection associated with a communications session at the end of the session or after an organization defined time period of inactivity.
The DBMS must protect against or limit the effects of the organization defined types of Denial of Service (DoS) attacks.
The DBMS must only generate error messages that provide information necessary for corrective actions without revealing organization defined sensitive or potentially harmful information in error logs and administrative messages that could be exploited.
The DBMS must support organizational requirements to employ automated patch management tools to facilitate
The DBMS must notify appropriate individuals when accounts are created/modified/disabled/terminated.
DISA Reference   CIS benchmark Oracle 11g
SRG-APP-000001-DB-000031 3.9
SRG-APP-000014-DB-000036
SRG-APP-000017-DB-000037
SRG-APP-000019-DB-000197
SRG-APP-000026-DB-000005
SRG-APP-000027-DB-000186
SRG-APP-000028-DB-000187
SRG-APP-000029-DB-000188
SRG-APP-000030-DB-000173
SRG-APP-000057-DB-000127
SRG-APP-000062-DB-000009
SRG-APP-000062-DB-000010
SRG-APP-000062-DB-000011
SRG-APP-000062-DB-000014
5.2 5.7 5.18 5.19 5.22 5.24
5.3 5.8 5.20 5.25 5.28
5.4 5.9 5.21 5.23 5.26
5.4 5.9 5.21 5.23 5.26
4.3.9 4.3.10 4.3.11
SRG-APP-000062-DB-000016
SRG-APP-000063-DB-000017
SRG-APP-000063-DB-000018
SRG-APP-000063-DB-000019
SRG-APP-000063-DB-000020
SRG-APP-000063-DB-000021
SRG-APP-000063-DB-000023
SRG-APP-000065-DB-000024
SRG-APP-000065-DB-000025 3.1
SRG-APP-000066-DB-000195 2.15
SRG-APP-000067-DB-000026 3.1
SRG-APP-000071-DB-000047
SRG-APP-000089-DB-000064
SRG-APP-000090-DB-000065
SRG-APP-000091-DB-000066
2.7 2.8 2.13 2.20
2.19 4.1 4.2 4.3 4.4 4.5 4.6
4.7 4.8 4.9 4.10
3.2 3.6
SRG-APP-000092-DB-000208 5.1
SRG-APP-000093-DB-000052
SRG-APP-000095-DB-000039
SRG-APP-000109-DB-000049
SRG-APP-000115-DB-000055
SRG-APP-000115-DB-000056
SRG-APP-000117-DB-000058
SRG-APP-000118-DB-000059
2.3 2.4 5.1 5.2
5.3 5.4 5.5 5.6 5.7 5.8 5.9 5.10 5.11 5.12 5.13
5.14 5.15 5.16 5.17 5.18 5.19 5.20 5.21 5.22 5.23 5.24
5.25 5.26 5.27
SRG-APP-000125-DB-000170
SRG-APP-000133-DB-000199
SRG-APP-000133-DB-000205
SRG-APP-000133-DB-000207
SRG-APP-000140-DB-000033
SRG-APP-000141-DB-000090 1.2
SRG-APP-000141-DB-000091
SRG-APP-000141-DB-000092
SRG-APP-000141-DB-000093
SRG-APP-000142-DB-000094
SRG-APP-000144-DB-000101
SRG-APP-000145-DB-000095
SRG-APP-000145-DB-000096
SRG-APP-000145-DB-000097
SRG-APP-000145-DB-000098
SRG-APP-000146-DB-000099
2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.9 2.10
2.11 2.12 2.16 2.17 2.5 2.6 3.7
SRG-APP-000146-DB-000100
SRG-APP-000149-DB-000104
SRG-APP-000156-DB-000111
SRG-APP-000163-DB-000113
SRG-APP-000164-DB-000082 3.8
SRG-APP-000165-DB-000081
SRG-APP-000166-DB-000070
SRG-APP-000170-DB-000073 3.8
SRG-APP-000171-DB-000074
SRG-APP-000173-DB-000076 3.3
SRG-APP-000174-DB-000078 1.1
SRG-APP-000174-DB-000079
SRG-APP-000174-DB-000080 3.3
SRG-APP-000179-DB-000114
SRG-APP-000188-DB-000121
SRG-APP-000190-DB-000137
SRG-APP-000245-DB-000132
SRG-APP-000266-DB-000162 2.18
SRG-APP-000267-DB-000163 2.18
SRG-APP-000271-DB-000156 1.3
3.4 3.5
2.14 3.8
2.15 2.16 3.9
4.1.17
SRG-APP-000292-DB-000138 5.2 5.3 5.4