Documentation - V-206566

V-206566

Database Security Requirements Guide

CAT II

Title

The DBMS must recognize only system-generated session identifiers.

Description

<VulnDiscussion>DBMSs utilize sessions and session identifiers to control application behavior and user access. If an attacker can guess the session identifier or can inject or manually insert session information, the session may be compromised. This requirement focuses on communications protection for the DBMS session rather than for the network packet. The intent of this control is to establish grounds for confidence at each end of a communications session in the ongoing identity of the other...

Fix Text (Documentation Requirement)

Utilize a DBMS product that only recognizes session identifiers that are system-generated.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel