Title: The DBMS must be able to function within separate processing domains (virtualized systems), when specified, to enable finer-grained allocation of user privileges.
Vulnerability ID: V-32247
IA Controls: None
Description: Applications must employ the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.
Employing virtualization techniques to allow greater privilege within a virtual machine, while restricting privilege on the underlying actual machine, is an example of providing separate processing domains for finer-grained allocation of user privileges.
Utilizing virtualization for databases is a common practice because it allows several databases to be maintained, each on its own distinct operating system, on shared hardware. This allows more efficient usage of resources while eliminating unwanted conflicts and interaction between disparate databases.
Check Text: Review system documentation to determine whether virtualization is required for the database. If virtualization is not required, this is NA.
Review DBMS vendor documentation to verify the DBMS is capable of working within a virtualized environment. If the DBMS is not capable of working in a virtualized environment, this is a finding.
Fix Text: Utilize a DBMS that is able to operate in a virtualized environment.