STIGs Image

DoD STIGs – V-32185

Overview: Title: The application must employ automated mechanisms to facilitate the monitoring and control of remote access methods. Vulnerability ID: V-32185 STIG ID: IA Controls: None Severity: medium

STIGs Image

DoD STIGs – V-32442

Overview: Title: The DBMS must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). Vulnerability ID: V-32442 STIG ID: IA Controls: None Severity: medium Description: To assure accountability and prevent unauthorized access, organizational users shall be identified and authenticated. Organizational users include organizational employees or individuals the organization deems to have equivalent status of employees …

STIGs Image

DoD STIGs – V-32528

Overview: Title: The DBMS must fail to a known safe state for defined types of failures. Vulnerability ID: V-32528 STIG ID: IA Controls: None Severity: medium Description: Failure in a known state can address safety or security in accordance with the mission/business needs of the organization. Failure in a known secure state helps prevent a loss of confidentiality, integrity, or …

STIGs Image

DoD STIGs – V-32157

Overview: Title: The DBMS must limit the number of concurrent sessions for each system account to an organization defined number of sessions. Vulnerability ID: V-32157 STIG ID: IA Controls: None

STIGs Image

DoD STIGs – V-32536

Overview: Title: The DBMS must isolate security functions from non-security functions by means of separate security domains. Vulnerability ID: V-32536 STIG ID: IA Controls: None Severity: medium Description: Security functions are defined as “the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the …

STIGs Image

DoD STIGs – V-32526

Overview: Title: The DBMS must recognize only system-generated session identifiers. Vulnerability ID: V-32526 STIG ID: SRG-APP-000223-DB-000168 IA Controls: None Severity: High Description: This requirement focuses on communications protection at the application session, versus network packet level. The intent of this control is to establish grounds for confidence at each end of a communications session in the ongoing identity of the …