DoD STIGs – V-32254

Overview:

Title: The DBMS must display the system use information when appropriate, before granting further access.

Vulnerability ID: V-32254

STIG ID:

IA Controls: None

Severity: medium

Description: For publicly accessible systems:

Applications are required to display the following information:

(i) displays the system use information when appropriate, before granting further access;
(ii) displays references, if any, to monitoring, recording, or auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities; and
(iii) includes in the notice given to public users of the information system, a description of the authorized uses of the system.

System use notification messages can be implemented in the form of warning banners displayed when individuals log in to the information system. System use notification is intended only for information system access that includes an interactive login interface with a human user and is not intended to require notification when an interactive interface does not exist.

Check Text: Determine whether the system is publicly accessible. If the system is not publicly accessible, this is NA.
Banner requirements are applicable only to interactive accounts.

Review banner displayed by DBMS to verify it displays the system use information when appropriate, before granting further access.

Review banner displayed by DBMS to verify it displays references, if any, to monitoring, recording, or auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.

Review banner displayed by DBMS to verify it includes in the notice given to public users of the information system, a description of the authorized uses of the system.

Fix Text: For interactive accounts:
Configure DBMS to display a banner that displays the system use information when appropriate, before granting further access.

Configure DBMS to display a banner that displays references, if any, to monitoring, recording, or auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.

Configure DBMS to display a banner that includes in the notice given to public users of the information system, a description of the authorized uses of the system.

[divider]

Interpreting V-32254:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.