DoD STIGs – V-32548

Overview:

Title: The DBMS must not share resources used to interface with systems operating at different security levels.

Vulnerability ID: V-32548

STIG ID:

IA Controls: None

Severity: low

Description: The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current user/role (or current process) that obtains access to a shared system resource (e.g., registers, main memory, secondary storage) after the resource has been released back to the information system. Shared resources include memory, input/output queues, and network interface cards.

DBMS installations with different security levels have different access and security requirements. Shared DBMS installations secured at a lower-level can lead to exploitation of higher-level installations.

Check Text: Review the system documentation to determine if the DBMS host contains DBMS installations with differing security levels. If the DBMS host contains DBMS installations with different security levels, this is a finding.

Fix Text: Establish separate host systems for DBMS installations of different security levels.

[divider]

Interpreting V-32548:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.