| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-206520 | CAT I | MONT-DB-002 | Database Security Requirements Guide | The DBMS must integrate with an organization-level... | - | |||

Check Text: If all accounts are authenticated by the organization-level authentication/access mechanism and not by the DBMS, this is not a finding. If there are any accounts managed by the DBMS, review the system documentation for justification and approval of these accounts. If any DBMS-managed accounts exist that are not documented and approved, this is a finding.

Fix Text: Integrate DBMS security with an organization-level authentication/access mechanism providing account management for all users, groups, roles, and any other principals. For each DBMS-managed account that is not documented and approved, either transfer it to management by the external mechanism, or document the need for it and obtain approval, as appropriate.

Comments: The database server can only be accessed by a privileged user, who creates an Afloat Operations Service Desk ticket. Once the Afloat Operations Service Desk confirms the privileged user has the proper credentials, a domain admin account is created for the user and is valid for 14 days. Installer accounts are created and sent from shore and are authenticated using user id/password. The naming convention for the domain admin account is not consistent across various platforms and installers may not have access to a CAC reader. Application accounts are authenticated using either user id/password or a CAC. This allows flexibility to allow a mariner to access the ShipCLIP application when CAC card issues occur during ship deployments and a mariner is unable to correct until in port.

Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review