Title: DBMS processes or services must run under custom, dedicated OS accounts.
Vulnerability ID: V-32234
IA Controls: None
Description: Separation of duties is a prevalent Information Technology control that is implemented at different layers of the information system, including the operating system and in applications. It serves to eliminate or reduce the possibility that a single user may carry out a prohibited action. Separation of duties requires that the person accountable for approving an action is not the same person who is tasked with implementing or carrying out that action.
The DBMS must run under a custom dedicated OS account. When the DBMS is running under a shared account, users with access to that account could inadvertently or maliciously make changes to DBMS’s settings, files, or permissions.
Check Text: Check OS settings to determine whether DBMS processes are running under a dedicated OS account. If the DBMS processes are running under shared accounts, this is a finding.
Fix Text: Create a DBMS account dedicated to DBMS processes and allow only DBMS processes to run under the account.[divider]