| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-263614 | CAT II | MONT-DB-002 | Database Security Requirements Guide | The DBMS must, for password-based authentication, ... | - | |||
Check TextVerify the DBMS is configured to require immediate selection of a new password upon account recovery. If the DBMS is not configured to require immediate selection of a new password upon account recovery, this is a finding. Fix TextConfigure the DBMS to require immediate selection of a new password upon account recovery. CommentsThe database server can only be accessed by a privileged user, who creates an Afloat Operations Service Desk ticket. Once the Afloat Operations Service Desk confirms the privileged user has the proper credentials, a domain admin account is created for the user and is valid for 14 days. Creation of password-based installer accounts is initiated from shore and utilize the procedure SC_RemoteUserMaint. Password-based application accounts are created and maintained through the application using the procedure SC_UserMaint. Both procedures use the FORCE PASSWORD CHANGE ON clause when creating or altering a login.
Source: Montford Point ShipCLIP DB V4R4.ckl
Scan Date: 2026-03-06T12:50:21.809591
Technology Area: Database Review
|
||||||||