DoD STIGs – V-32253

Overview:

Title: The DBMS must retain the notification message or banner on the screen until users take explicit actions to log on to the database.

Vulnerability ID: V-32253

STIG ID:

IA Controls: None

Severity: medium

Description: To establish acceptance of system usage policy, a click-through banner at application logon is required. The banner shall prevent further activity on the application unless and until the user executes a positive action to manifest agreement. The text of this banner should be customizable in the event of future user agreement changes.

If the user does not have to take positive action to manifest agreement to the banner the user could deny having seen or agreed to the contents of the banner.

Check Text: This requirement applies only to interactive accounts. Non-interactive accounts do not need to include a banner or positive action to proceed.

Log into the DBMS and verify the user must take positive action to manifest their acceptance of the banner before allowing the user to proceed unless the banner text was already displayed, and positive action required, to the user via the operating system logon on the server on which the application resides.
If the user does not have to take positive action to proceed into the DBMS, and has not already taken positive action via the operating system, this is a finding.

Fix Text: For interactive accounts, configure the DBMS to enforce positive action manifesting acceptance of the banner before allowing user to proceed.

[divider]

Interpreting V-32253:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.