DoD STIGs – V-32349

Overview:

Title: The DBMS must validate the binding of the information to the identity of the information producer.

Vulnerability ID: V-32349

STIG ID:

IA Controls: None

Severity: medium

Description: Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document.

This non-repudiation control enhancement is intended to mitigate the risk that information gets modified between production and review. The validation of bindings can be achieved, for example, by the use of cryptographic checksums.

When the identity of the producer of a piece of information is not bound to the information, the validity of the information can be questioned or the producer of the information can deny having produced it.

Check Text: Review DBMS configuration to verify identity information is bound to any data being added to the database. If data is being added or processed in the database without identity information, this is a finding.

Fix Text: Configure the DBMS to validate the binding of identity information to data being added to the database.

[divider]

Interpreting V-32349:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.