| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If all accounts are authenticated by the organization-level authentication/access mechanism and not by the DBMS, this is not a finding. If there are any accounts managed by the DBMS, review the system documentation for justification and approval of these accounts. If any DBMS-managed accounts exist that are not documented and approved, this is a finding.
Fix Text
Integrate DBMS security with an organization-level authentication/access mechanism providing account management for all users, groups, roles, and any other principals. For each DBMS-managed account that is not documented and approved, either transfer it to management by the external mechanism, or document the need for it and obtain approval, as appropriate.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings to determine whether users are restricted from accessing objects and data they are not authorized to access. If appropriate access controls are not implemented to restrict access to authorized users and to restrict the access of those users to objects and data they are authorized to see, this is a finding.
Fix Text
Configure the DBMS settings and access controls to permit user access only to objects and data that the user is authorized to view or interact with, and to prevent access to all other objects and data.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review procedures for controlling, granting access to, and tracking use of the DBMS software installation account. If access or use of this account is not restricted to the minimum number of personnel required or if unauthorized access to the account has been granted, this is a finding.
Fix Text
Develop, document, and implement procedures to restrict and track use of the DBMS software installation account.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If DBMS authentication, using passwords, is not employed, this is not a finding. If the DBMS is configured to inherit password complexity and lifetime rules from the operating system or access control program, this is not a finding. Review the DBMS settings relating to password complexity. Determine whether the following rules are enforced. If any are not, this is a finding. a. minimum of 15 characters, including at least one of each of the following character sets: - Uppercase. - Lowercase. - Numerics. - Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <). b. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight. Review the DBMS settings relating to password lifetime. Determine whether the following rules are enforced. If any are not, this is a finding. a. Password lifetime limits for interactive accounts: Minimum 24 hours, maximum 60 days. b. Password lifetime limits for noninteractive accounts: Minimum 24 hours, maximum 365 days. c. Number of password changes before an old one may be reused: Minimum of five.
Fix Text
If the use of passwords is not needed, configure the DBMS to prevent their use if it is capable of this; if it is not, institute policies and procedures to prohibit their use. If the DBMS can inherit password complexity rules from the operating system or access control program, configure it to do so. Otherwise, use DBMS configuration parameters and/or custom code to enforce the following rules for passwords: a. Minimum of 15 characters, including at least one of each of the following character sets: - Uppercase. - Lowercase. - Numerics. - Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <). b. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight. c. Password lifetime limits for interactive accounts: Minimum 24 hours, maximum 60 days. d. Password lifetime limits for non-interactive accounts: Minimum 24 hours, maximum 365 days. e. Number of password changes before an old one may be reused: Minimum of five.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the list of DBMS database objects, database configuration files, associated scripts, and applications defined within and external to the DBMS that access the database. The list should also include files or settings used to configure the operational environment for the DBMS and for interactive DBMS user accounts. Determine whether any DBMS database objects, database configuration files, associated scripts, applications defined within or external to the DBMS that access the database, and DBMS/user environment files/settings contain database passwords. If any do, confirm that DBMS passwords stored internally or externally to the DBMS are hashed using FIPS-approved cryptographic algorithms and include a salt. If any passwords are stored in clear text, this is a finding. If any passwords are stored with reversible encryption, this is a finding. If any passwords are stored using unsalted hashes, this is a finding.
Fix Text
Develop, document, and maintain a list of DBMS database objects, database configuration files, associated scripts, applications defined within or external to the DBMS that access the database, and DBMS/user environment files/settings in the System Security Plan. Record whether they do or do not contain DBMS passwords. If passwords are present, ensure they are correctly hashed using one-way, salted hashing functions, and that the hashes are protected by host system security.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review configuration settings for encrypting passwords in transit across the network. If passwords are not encrypted, this is a finding. If it is determined that passwords are passed unencrypted at any point along the transmission path between the source and destination, this is a finding.
Fix Text
Configure encryption for transmission of passwords across the network. If the database does not provide encryption for logon events natively, employ encryption at the OS or network level. Ensure passwords remain encrypted from source to destination.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS configuration to determine whether appropriate access controls exist to protect the DBMS's private key(s). If the DMBS’s private key(s) are not stored in a FIPS 140-2 or 140-3 validated cryptographic module, this is a finding. If access to the DBMS’s private key(s) is not restricted to authenticated and authorized users, this is a finding.
Fix Text
Store all DBMS PKI private keys in a FIPS 140-2 or 140-3 validated cryptographic module. Ensure access to the DBMS PKI private keys is restricted to only authenticated and authorized users.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If all interaction with the user for purposes of authentication is handled by a software component separate from the DBMS, this is not a finding. If any application, tool or feature associated with the DBMS/database displays any authentication secrets (to include PINs and passwords) during - or after - the authentication process, this is a finding.
Fix Text
Modify and configure each non-compliant application, tool, or feature associated with the DBMS/database so that it does not display authentication secrets.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS configuration to verify it is using NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. If NIST FIPS 140-2 or 140-3 validated modules are not being used for all cryptographic operations, this is a finding.
Fix Text
Utilize NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the application owner and Authorizing Official have determined that encryption of data at rest is NOT required, this is not a finding. Review DBMS settings to determine whether controls exist to protect the confidentiality and integrity of data at rest in the database. If controls do not exist or are not enabled, this is a finding.
Fix Text
Apply appropriate controls to protect the confidentiality and integrity of data at rest in the database.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the system documentation to determine whether the organization has defined the information at rest that is to be protected from modification, which must include, at a minimum, PII and classified information. If no information is identified as requiring such protection, this is not a finding. Review the configuration of the DBMS, operating system/file system, and additional software as relevant. If any of the information defined as requiring cryptographic protection from modification is not encrypted in a manner that provides the required level of protection, this is a finding.
Fix Text
Configure the DBMS, operating system/file system, and additional software as relevant, to provide the required level of cryptographic protection.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the system documentation to determine whether the organization has defined the information at rest that is to be protected from disclosure, which must include, at a minimum, PII and classified information. If the documentation indicates no information requires such protections, this is not a finding. Review the configuration of the DBMS, operating system/file system, and additional software as relevant. If any of the information defined as requiring protection is not encrypted in a manner that provides the required level of protection and is not physically secured to the required level, this is a finding.
Fix Text
Configure the DBMS, operating system/file system, and additional software as relevant, to provide the required level of cryptographic protection for information requiring cryptographic protection against disclosure. Secure the premises, equipment, and media to provide the required level of physical protection.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS is deployed in an unclassified environment, this is not applicable (NA). If the DBMS is not configured to use NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards, this is a finding.
Fix Text
Deploy a DBMS compatible with the use of NSA-approved cryptography. Configure the DBMS and related system components to use NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Verify the DBMS is a version supported by the vendor. If the DBMS is not a version supported by the vendor, this is a finding.
Fix Text
Upgrade or install a version of the DBMS supported by the vendor.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Determine whether the system documentation specifies limits on the number of concurrent DBMS sessions per account by type of user. If it does not, assume a limit of 10 for database administrators and 2 for all other users. Review the concurrent-sessions settings in the DBMS and/or the applications using it, and/or the system software supporting it. If the DBMS is capable of enforcing this restriction but is not configured to do so, this is a finding. This holds even if the restriction is enforced by applications or supporting software. If it is not technically feasible for the DBMS to enforce this restriction, but the application(s) or supporting software are configured to do so, this is not a finding. If it is not technically feasible for the DBMS to enforce this restriction, and applications and supporting software are not so configured, this is a finding. If the value for any type of user account is not set, this is a finding. If a value is set but is not equal to the value specified in the documentation (or the default value defined in this check) for the type of user, this is a finding.
Fix Text
If the DBMS is capable of enforcing this restriction, but is not configured to do so, configure it to do so. (This may involve the development of one or more triggers.) If it is not technically feasible for the DBMS to enforce this restriction, and the application(s) and supporting software are not configured to do so, configure them to do so. If the value for any type of user account is not set, determine the correct value and set it. If a value is set but is not equal to the value specified for the type of user, determine the correct value, set it, and update the documentation, as appropriate.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review system documentation to determine the data and the actions on data that need to be protected from repudiation by means of audit trails. Review DBMS settings to determine whether users can be identified as individuals when using shared accounts. If the individual user who is using a shared account cannot be identified, this is a finding. Review the design and the contents of the application data tables. If they do not include the necessary audit data, this is a finding. Review the configuration of audit logs to determine whether auditing includes details identifying the individual user. If it does not, this is a finding.
Fix Text
Use accounts assigned to individual users. Where the application connects to the DBMS using a standard, shared account, ensure that it also captures the individual user identification and passes it to the DBMS. Modify application database tables and all supporting code to capture the necessary audit data. Modify the configuration of audit logs to include details identifying the individual user.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS auditing to determine whether organization-defined auditable events are being audited by the system. If organization-defined auditable events are not being audited, this is a finding.
Fix Text
Deploy a DBMS that supports the DoD minimum set of auditable events. Configure the DBMS to generate audit records for at least the DoD minimum set of events.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and documentation to determine whether designated personnel are able to select which auditable events are being audited. If designated personnel are not able to configure auditable events, this is a finding.
Fix Text
Configure the DBMS's settings to allow designated personnel to select which auditable events are audited.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when privileges/permissions/role memberships are retrieved. If the DBMS is not capable of this, this is a finding. If the DBMS is currently required to audit the retrieval of privilege/permission/role membership information, review the DBMS/database security and audit configurations to verify that audit records are produced when privileges/permissions/role memberships are retrieved. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when privileges/permissions/role memberships are retrieved. If currently required, configure the DBMS to produce audit records when privileges/permissions/role memberships are retrieved.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to retrieve privileges/permissions/role membership. If the DBMS is not capable of this, this is a finding. If the DBMS is currently required to audit the retrieval of privilege/permission/role membership information, review the DBMS/database security and audit configurations to verify that audit records are produced when the DBMS denies retrieval of privileges/permissions/role memberships. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent retrieval of privileges/permissions/role memberships. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete access to privileges/permissions/role membership. If currently required, configure the DBMS to produce audit records when it denies access to privileges/permissions/role membership. Configure the DBMS to produce audit records when other errors prevent access to privileges/permissions/role membership.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS vendor documentation to determine whether the DBMS software is capable of session auditing. If the DBMS is not capable of session auditing and a third party product is not being used for session level auditing, this is a finding. If the DBMS is capable of session level auditing and specific session audits are currently defined but session auditing is not enabled; or if a third-party product is available for session auditing and specific session audits are currently defined but session auditing is not enabled, this is a finding.
Fix Text
Deploy a DBMS capable of session auditing. Configure the DBMS software or third-party product to enable session auditing.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and existing audit records to verify information specific to the audit event type is being captured and stored with the audit records. If audit records exist without information regarding what type of event occurred, this is a finding.
Fix Text
Configure DBMS audit settings to include event type as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and existing audit records to verify information specific to the date and time of the event is being captured and stored with the audit records. If audit records exist without the date and time of the event, this is a finding.
Fix Text
Configure DBMS audit settings to include the date and time of the occurrence of the event as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and existing audit records to verify information specific to where the event occurred is being captured and stored with the audit records. If audit records exist without information regarding where the event occurred, this is a finding.
Fix Text
Configure DBMS audit settings to include where the event occurred as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and existing audit records to verify information specific to the source (origin) of the event is being captured and stored with audit records. If audit records exist without information regarding the source of the event, this is a finding.
Fix Text
Configure DBMS audit settings to include the source of the event as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and existing audit records to verify information specific to the outcome of the event is being captured and stored with the audit records. If audit records exist without the outcome of the event that occurred, this is a finding.
Fix Text
Configure DBMS audit settings to include the outcome of the event as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and existing audit records to verify a user name associated with the event is being captured and stored with the audit records. If audit records exist without specific user information, this is a finding.
Fix Text
Configure DBMS audit settings to include user name as part of the audit record.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the system documentation to identify what additional information the organization has determined to be necessary. Check DBMS settings and existing audit records to verify that all organization-defined additional, more detailed information is in the audit records for audit events identified by type, location, or subject. If any additional information is defined and is not contained in the audit records, this is a finding.
Fix Text
Configure DBMS audit settings to include all organization-defined detailed information in the audit records for audit events identified by type, location, or subject.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Using product documentation, verify that the DBMS uses current time stamp values obtained from or synchronized with the internal system clock used by the operating system. If it is not able to, this is a finding. If it is able to but is configured so that it does not do so, this is a finding.
Fix Text
Deploy a DBMS that can use time stamp values obtained from or synchronized with the internal system clock used by the operating system. Configure the DBMS to use time stamp values obtained from or synchronized with the internal system clock used by the operating system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review locations of audit logs, both internal to the database and database audit logs located at the operating system level. Verify there are appropriate controls and permissions to protect the audit information from unauthorized access. If appropriate controls and permissions do not exist, this is a finding.
Fix Text
Apply controls and modify permissions to protect database audit log data from unauthorized access, whether stored in the database itself or at the OS level.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review locations of audit logs, both internal to the database and database audit logs located at the operating system level. Verify there are appropriate controls and permissions to protect the audit information from unauthorized modification. If appropriate controls and permissions do not exist, this is a finding.
Fix Text
Apply controls and modify permissions to protect database audit log data from unauthorized modification, whether stored in the database itself or at the OS level.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review locations of audit logs, both internal to the database, and database audit logs located at the operating system level. Verify there are appropriate controls and permissions to protect the audit information from unauthorized deletion. If appropriate controls and permissions do not exist, this is a finding.
Fix Text
Apply controls and modify permissions to protect database audit log data from unauthorized deletion, whether stored in the database itself or at the OS level.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the access permissions to tools used to view or modify audit log data. These tools may include features within the DBMS itself or software external to the database. If appropriate permissions and access controls to prevent unauthorized access are not applied to these tools, this is a finding.
Fix Text
Apply or modify access controls and permissions (both within the DBMS and in the file system/operating system) to tools used to view or modify audit log data. Tools must be accessible by authorized personnel only.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the access permissions to tools used to view or modify audit log data. These tools may include features within the DBMS itself or software external to the database. If appropriate permissions and access controls to prevent unauthorized configuration are not applied to these tools, this is a finding.
Fix Text
Apply or modify access controls and permissions (both within the DBMS and in the file system/operating system) to tools used to view or modify audit log data. Tools must be configurable by authorized personnel only.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the access permissions to tools used to view or modify audit log data. These tools may include features within the DBMS itself or software external to the database. If appropriate permissions and access controls to prevent unauthorized removal are not applied to these tools, this is a finding.
Fix Text
Apply or modify access controls and permissions (both within the DBMS and in the file system/operating system) to tools used to view or modify audit log data. Ensure that tools may be removed by authorized personnel only.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review monitoring procedures and implementation evidence to verify monitoring of changes to database software libraries, related applications, and configuration files is done. Verify the list of files, directories, and database application objects (procedures, functions, and triggers) being monitored is complete. If monitoring does not occur or is not complete, this is a finding.
Fix Text
Implement procedures to monitor for unauthorized changes to DBMS software libraries, related software application libraries, and configuration files. If a third-party automated tool is not employed, an automated job that reports file information on the directories and files of interest and compares them to the baseline report for the same will meet the requirement. Use file hashes or checksums for comparisons, as file dates may be manipulated by malicious users.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS software library directory and note other root directories located on the same disk directory or any subdirectories. If any non-DBMS software directories exist on the disk directory, examine or investigate their use. If any of the directories are used by other applications, including third-party applications that use the DBMS, this is a finding. Only applications that are required for the functioning and administration, not use, of the DBMS should be located in the same disk directory as the DBMS software libraries. If other applications are located in the same directory as the DBMS, this is a finding. For databases located on mainframes, confirm that the database and its configuration files are isolated in their own DASD pools. If database software and database configuration files share DASD with other applications, this is a finding.
Fix Text
Install all applications on directories separate from the DBMS software library directory. Relocate any directories or reinstall other application software that currently shares the DBMS software library directory. For mainframe-based databases, locate database software and configuration files in separate DASD pools from other mainframe applications.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review system documentation to identify accounts authorized to own database objects. Review accounts that own objects in the database(s). If any database objects are found to be owned by users not authorized to own database objects, this is a finding.
Fix Text
Assign ownership of authorized objects to authorized object owner accounts.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Identify the group(s)/role(s) established for DBMS modification. Obtain the list of users in those group(s)/roles. Identify the individuals authorized to modify the DBMS. If unauthorized access to the group(s)/role(s) has been granted, this is a finding.
Fix Text
Revoke unauthorized memberships in the DBMS modification group(s)/role(s).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review vendor documentation and vendor websites to identify vendor-provided demonstration or sample databases, database applications, objects, and files. Review the DBMS to determine if any of the demonstration and sample databases, database applications, or files are installed in the database or are included with the DBMS application. If any are present in the database or are included with the DBMS application, this is a finding.
Fix Text
Remove any demonstration and sample databases, database applications, objects, and files from the DBMS.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the list of components and features installed with the database. Use the DBMS product installation tool if supported and review the product installation documentation. If unused components or features are installed and are not documented and authorized, this is a finding.
Fix Text
Uninstall unused components or features that are installed and can be uninstalled. Remove any database objects and applications that are installed to support them.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS for unused components of the system that cannot be uninstalled. If unused components or features are present on the system, can be disabled, and are not disabled, this is a finding.
Fix Text
Disable any unused components or features that cannot be uninstalled.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the database for definitions of application executable objects stored external to the database. Determine if there are methods to disable use or access, or to remove definitions for external executable objects. Verify each application executable object listed is authorized by the ISSO. If any are not, this is a finding.
Fix Text
Disable use of or remove any external application executable object definitions that are not authorized.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS settings and local documentation for functions, ports, protocols, and services that are not approved. If any are found, this is a finding.
Fix Text
Disable functions, ports, protocols, and services that are not approved.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS settings to determine whether organizational users are uniquely identified and authenticated when logging on/connecting to the system. If organizational users are not uniquely identified and authenticated, this is a finding.
Fix Text
Configure DBMS settings to uniquely identify and authenticate all organizational users who log on/connect to the system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS configuration to verify that certificates being accepted by the DBMS are validated by performing RFC 5280-compliant certification path validation. If certificates are not being validated by performing RFC 5280-compliant certification path validation, this is a finding.
Fix Text
Configure the DBMS to validate certificates by performing RFC 5280-compliant certification path validation.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS configuration to verify DBMS user accounts are being mapped directly to unique identifying information within the validated PKI certificate. If user accounts are not being mapped to authenticated identities, this is a finding.
Fix Text
Configure the DBMS to map the authenticated identity directly to the DBMS user account.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS settings to determine whether non-organizational users are uniquely identified and authenticated when logging onto the system. If non-organizational users are not uniquely identified and authenticated, this is a finding.
Fix Text
Configure DBMS settings to uniquely identify and authenticate all non-organizational users who log onto the system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Check DBMS settings and vendor documentation to verify that administrative functionality is separate from user functionality. If administrator and general user functionality are not separated either physically or logically, this is a finding.
Fix Text
Configure DBMS to separate database administration and general user functionality.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS settings and vendor documentation to verify user sessions are terminated, and session identifiers invalidated, upon user logout. If they are not, this is a finding. Review system documentation and organization policy to identify other events that should result in session terminations. If other session termination events are defined, review DBMS settings to verify occurrences of these events would cause session termination, invalidating the session identifiers. If occurrences of defined session terminating events do not cause session terminations, invalidating the session identifiers, this is a finding.
Fix Text
Configure DBMS settings to terminate sessions, invalidating their session identifiers, upon user logout. Configure DBMS settings to terminate sessions, invalidating their session identifiers, upon the occurrence of any organization- or policy-defined session termination event.