| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-206586 | CAT II | MONT-DB-002 | Database Security Requirements Guide | The DBMS must prevent non-privileged users from ex... | - | |||
Check TextReview the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question. Review the DBMS security configuration and/or other means used to protect privileged functionality from unauthorized use. If the configuration does not protect all of the actions defined as privileged, this is a finding. Fix TextConfigure DBMS security to protect all privileged functionality. CommentsProhibiting non-privileged user from executing privileged functions is documented in Section 6.10 of the MSC IBS Access Control Policy 2.2. DBMS prevents non-privileged users from executing privileged functions through Roles. Non-privileged users do not have direct access the DBMS as it resides in a secure location. The database server can only be accessed by a privileged user, who creates an Afloat Operations Service Desk ticket. Once the Afloat Operations Service Desk confirms the privileged user has the proper credentials, a domain admin account is created for the user and is valid for 14 days. Installer accounts are created and sent from shore.
Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review
|
||||||||