STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Oracle Database 11.2g Security Technical Implementation Guide

V-219777

CAT II (Medium)

Processes (services, applications, etc.) that connect to the DBMS independently of individual users, must use valid, current DoD-issued PKI certificates for authentication to the DBMS.

Rule ID

SV-219777r961044_rule

STIG

Oracle Database 11.2g Security Technical Implementation Guide

Version

V2R5

CCIs

CCI-000187

Discussion

Just as individual users must be authenticated, and just as they must use PKI-based authentication, so must any processes that connect to the DBMS. The DoD standard for authentication of a process or device communicating with another process or device is the presentation of a valid, current, DoD-issued Public Key Infrastructure (PKI) certificate that has previously been verified as Trusted by an administrator of the other process or device. This applies both to processes that run on the same server as the DBMS and to processes running on other computers. The Oracle-supplied super-user account, SYS, is an exception. It cannot currently use certificate-based authentication. For this reason among others, use of SYS should be restricted to where it is truly needed.

Check Content

Review configuration to confirm that accounts used by processes to connect to the DBMS are authenticated using valid, current DoD-issued PKI certificates.

If any such account, other than SYS, is not certificate-based, this is a finding.

Fix Text

For each such account, use DoD certificate-based authentication.