general db rules

Upload: florino-isleta

Post on 01-Jun-2018


  • 8/9/2019 General DB Rules


    Rule Title

    The DBMS must allow all remote access to be routed through managed access control

    The DBMS must support the requirement to automatically audit account creation.

    The DBMS must support the requirement to automatically audit account modification.

    The DBMS must automatically audit account disabling actions.

    The DBMS must automatically audit account termination.

    DBMS processes or services must run under custom, dedicated OS accounts.

    The DBMS must restrict grants to sensitive information to authorized user roles.

    The DBMS must be protected from unauthorized access by developers.

    The DBMS must limit the number of concurrent sessions for each system account to an organization defined number of sessions.

    A DBMS providing remote access capabilities must utilize approved cryptography to protect the confidentiality and integrity of data passing over remote access sessions.

    The DBMS must ensure remote sessions that access an organization defined list of security functions and security-relevant information are audited.

    The DBMS must support the organizational requirements for automatically monitoring, auditing, and alerting on abnormal usage of accounts.

    The DBMS must enforce organization defined limitations on the embedding of data types within other data types.

    The DBMS must support organizational requirements to implement separation of duties through assigned information access authorizations.

    Non-privileged accounts must be utilized when accessing non-administrative functions

    The DBA role must not be assigned excessive or unauthorized privileges.

    DBMS default account names must be changed if allowed.

    The DBMS must generate audit records for the selected list of auditable events.

    The DBMS must restrict access to system tables and other configuration information or metadata to DBAs or other authorized users.

    Administrators must utilize a separate, distinct administrative account when performing administrative activities, accessing database security functions, or accessing security-relevant information.

    OS accounts utilized to run external procedures called by the DBMS must have limited privileges.

    DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS.

    The DBMS must specify account lockout duration that is greater than or equal to the organization approved minimum.

    The DBMS must have the capability to limit the number of failed login attempts based upon an organization defined number of consecutive invalid attempts occurring within an organization defined time period.

    The DBMS must enforce the organization defined time period during which the limit of consecutive failed login attempts by a user is counted.

    The DBMS, when the maximum numbers of unsuccessful attempts is exceeded, must automatically lock the account/node for an organization defined time period or lock the account/node until released by an administrator IAW organizational policy.

    The DBMS must have allocated audit record storage capacity, and its auditing configured to reduce the likelihood of storage capacity being exceeded.

    The DBMS must provide audit record generation capability for organization defined auditable events within the database.

    The DBMS must allow designated organizational personnel to select which auditable events are to be audited by the database.

    The DBMS must initiate session auditing upon startup of the database.

    Attempts to bypass access controls must be audited.

    The DBMS must provide the capability to capture, record, and log all content related to a session.

    The DBMS must produce audit records containing sufficient information to establish e[…] the event type of events, when, where, origin, outcome, identity of implicated user

    The DBMS must be capable of taking organization defined actions upon audit failure or component failure is detected (e.g., overwrite oldest audit records, stop generating audit records, cease processing, notify of audit failure).

    The DBMS must provide the capability to automatically process audit records for events of interest based upon selectable event criteria.

    The DBMS must synchronize with internal operating system clocks which in turn, are synchronized on an organization defined frequency with an organization defined authoritative time source.

    The DBMS must protect audit information and audit tools from any type of unauthorized access, modification, or deletion.

    The DBMS must enforce requirements for remote connections to the information system

    Unused database components, DBMS software, and database objects must be removed

    Access to external executables must be disabled or restricted.

    The DBMS must be capable of backing up user-level information per a defined frequency

    Database backup procedures must be defined, documented, and implemented.

    DBMS backup and restoration files must be protected from unauthorized access.

    The DBMS must support the requirement to back up audit data and records onto a different system or media than the system being audited on an organization defined frequency.

    Database software directories, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

    Vendor supported software must be evaluated and patched against newly found vulnerabilities.

    The OS must limit privileges to change the DBMS software resident within software libraries (including privileged programs).

    Default demonstration and sample databases, database objects, and applications must be removed.

    Unused database components which are integrated in the DBMS and cannot be uninstalled must be disabled.

    The DBMS must support the organizational requirements to specifically prohibit or restrict the use of unauthorized/non-secure functions, ports, protocols, and/or services.

    Recovery procedures and technical system features must exist to ensure recovery is done in a secure and verifiable manner.

    Database recovery procedures must be developed, documented, implemented, and periodically tested.

    DBMS must conduct backups of system-level information per organization defined frequency that is consistent with recovery time and recovery point objectives.

    The DBMS software libraries must be periodically backed up.

    The DBMS must support organizational requirements to enforce minimum password length

    The DBMS must enforce password minimum lifetime restrictions.

    DBMS default accounts must be assigned custom passwords.

    The DBMS must enforce password maximum lifetime restrictions.

    The DBMS must use approved cryptography for authentication mechanisms.

    The DBMS must restrict error messages, so only authorized personnel may view them.

    The DBMS must use multifactor authentication for remote network access originating outside to privileged/non-privileged accounts.

    The DBMS must use organization defined replay-resistant authentication mechanisms for network access to privileged/non-privileged accounts.

    The DBMS must support organizational requirements to disable user accounts after an organization defined time period of inactivity.

    The DBMS must support organizational requirements to prohibit password reuse for the organization defined number of generations.

    The DBMS must support organizational requirements to enforce password complexity by the number of upper case, lower case, numeric, and special characters used.

    The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed.

    The DBMS must support organizational requirements to enforce password encryption for storage and transmission.

    DBMS passwords must not be stored in compiled, encoded, or encrypted batch jobs or compiled, encoded, or encrypted application source code.

    The DBMS must support organizational requirements to encrypt information stored in the database.

    The DBMS must terminate the network connection associated with a communications session at the end of the session or after an organization defined time period of inactivity.

    The DBMS must protect against or limit the effects of the organization defined types of Denial of Service (DoS) attacks.

    The DBMS must only generate error messages that provide information necessary for corrective actions without revealing organization defined sensitive or potentially harmful information in error logs and administrative messages that could be exploited.

    The DBMS must support organizational requirements to employ automated patch management tools to facilitate

    The DBMS must notify appropriate individuals when accounts are created/modified/disabled/terminated.

    DISA Reference    CIS benchmark Oracle 11g

    SRG-APP-000001-DB-000031 3.9

    SRG-APP-000014-DB-000036

    SRG-APP-000017-DB-000037

    SRG-APP-000019-DB-000197

    SRG-APP-000026-DB-000005

    SRG-APP-000027-DB-000186

    SRG-APP-000028-DB-000187

    SRG-APP-000029-DB-000188

    SRG-APP-000030-DB-000173

    SRG-APP-000057-DB-000127

    SRG-APP-000062-DB-000009

    SRG-APP-000062-DB-000010

    SRG-APP-000062-DB-000011

    SRG-APP-000062-DB-000014

    5.2, 5.7, 5.18, 5.19, 5.22, 5.24

    5.3, 5.8, 5.20, 5.25, 5.28

    5.4, 5.9, 5.21, 5.23, 5.26

    5.4, 5.9, 5.21, 5.23, 5.26

    4.3.9, 4.3.10, 4.3.11

    SRG-APP-000062-DB-000016

    SRG-APP-000063-DB-000017

    SRG-APP-000063-DB-000018

    SRG-APP-000063-DB-000019

    SRG-APP-000063-DB-000020

    SRG-APP-000063-DB-000021

    SRG-APP-000063-DB-000023

    SRG-APP-000065-DB-000024

    SRG-APP-000065-DB-000025 3.1

    SRG-APP-000066-DB-000195 2.15

    SRG-APP-000067-DB-000026 3.1

    SRG-APP-000071-DB-000047

    SRG-APP-000089-DB-000064

    SRG-APP-000090-DB-000065

    SRG-APP-000091-DB-000066

    2.7, 2.8, 2.13, 2.20

    2.19, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6

    4.7, 4.8, 4.9, 4.10

    3.2, 3.6

    SRG-APP-000092-DB-000208 5.1

    SRG-APP-000093-DB-000052

    SRG-APP-000095-DB-000039

    SRG-APP-000109-DB-000049

    SRG-APP-000115-DB-000055

    SRG-APP-000115-DB-000056

    SRG-APP-000117-DB-000058

    SRG-APP-000118-DB-000059

    2.3, 2.4, 5.1, 5.2

    5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11, 5.12, 5.13

    5.14, 5.15, 5.16, 5.17, 5.18, 5.19, 5.20, 5.21, 5.22, 5.23, 5.24

    5.25, 5.26, 5.27

    SRG-APP-000125-DB-000170

    SRG-APP-000133-DB-000199

    SRG-APP-000133-DB-000205

    SRG-APP-000133-DB-000207

    SRG-APP-000140-DB-000033

    SRG-APP-000141-DB-000090 1.2

    SRG-APP-000141-DB-000091

    SRG-APP-000141-DB-000092

    SRG-APP-000141-DB-000093

    SRG-APP-000142-DB-000094

    SRG-APP-000144-DB-000101

    SRG-APP-000145-DB-000095

    SRG-APP-000145-DB-000096

    SRG-APP-000145-DB-000097

    SRG-APP-000145-DB-000098

    SRG-APP-000146-DB-000099

    2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.9, 2.10

    2.11, 2.12, 2.16, 2.17, 2.5, 2.6, 3.7

    SRG-APP-000146-DB-000100

    SRG-APP-000149-DB-000104

    SRG-APP-000156-DB-000111

    SRG-APP-000163-DB-000113

    SRG-APP-000164-DB-000082 3.8

    SRG-APP-000165-DB-000081

    SRG-APP-000166-DB-000070

    SRG-APP-000170-DB-000073 3.8

    SRG-APP-000171-DB-000074

    SRG-APP-000173-DB-000076 3.3

    SRG-APP-000174-DB-000078 1.1

    SRG-APP-000174-DB-000079

    SRG-APP-000174-DB-000080 3.3

    SRG-APP-000179-DB-000114

    SRG-APP-000188-DB-000121

    SRG-APP-000190-DB-000137

    SRG-APP-000245-DB-000132

    SRG-APP-000266-DB-000162 2.18

    SRG-APP-000267-DB-000163 2.18

    SRG-APP-000271-DB-000156 1.3

    3.4, 3.5

    2.14, 3.8

    2.15, 2.16, 3.9

    4.1.17

    SRG-APP-000292-DB-000138 5.2, 5.3, 5.4