| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-206575 | CAT II | MONT-DB-002 | Database Security Requirements Guide | The DBMS must check the validity of all data input... | - | |||
Check TextReview DBMS code (stored procedures, functions, and triggers), application code, settings, column and field definitions, and constraints to determine whether the database is protected against invalid input. If code exists that allows invalid data to be acted upon or input into the database, this is a finding. If column/field definitions do not exist in the database, this is a finding. If columns/fields do not contain constraints and validity checking where required, this is a finding. Where a column/field is noted in the system documentation as necessarily free-form, even though its name and context suggest that it should be strongly typed and constrained, the absence of these protections is not a finding. Where a column/field is clearly identified by name, caption or context as Notes, Comments, Description, Text, etc., the absence of these protections is not a finding. Fix TextModify database code to properly validate data before it is put into the database or acted upon by the database. Modify the database to contain column/field definitions for each column/field in the database. Modify the database to contain constraints and validity checking on database columns and tables that require them for data integrity. CommentsApplication-specific logic is implemented within the database using stored procedures, functions and triggers, where appropriate. Database tables have defined columns and have primary key indexes. Database code does properly validate data before it is put into the database or acted upon by the database. Development team confirms that code accounts for invalid inputs.
Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review
|
||||||||