Oracle Database 12c STIG Version Comparison

There are 2 differences between versions v3 r2 (Oct. 24, 2024) (the "left" version) and v3 r4 (April 2, 2025) (the "right" version).

Check O121-BP-023600 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

Only authorized system accounts must have the SYSTEM tablespace specified as the default tablespace.

Check Content

Run the query: select property_name, property_value from database_properties where property_name in ('DEFAULT_PERMANENT_TABLESPACE','DEFAULT_TEMP_TABLESPACE'); If either value is set to SYSTEM, this is a finding. Run the query: select username from dba_users where (default_tablespace = 'SYSTEM' or temporary_tablespace = 'SYSTEM') and username not in ('LBACSYS','OUTLN','SYS','SYSTEM', 'SYSKM', 'SYSDG', 'SYSBACKUP', 'SYSBACKUP'); If 'SYSRAC'); If any non-default nondefault account records are returned, this is a finding.

Discussion

The Oracle SYSTEM tablespace is used by the database to store all DBMS system objects. Other use of the system tablespace may compromise system availability and the effectiveness of host system access controls to the tablespace files.

Fix

Create and dedicate tablespaces to support only one application. Do not share tablespaces between applications. Do not grant quotas to application object owners on tablespaces not dedicated to their associated application. Run the queries: alter database default tablespace <tablespace_name>; alter database default temporary tablespace <temporary_tablespace_name>; alter user <username> default tablespace <tablespace_name> temporary tablespace <temporary_tablespace_name>; Replace <username> with the named user account. Replace <tablespace_name> with the new default tablespace name. Replace <temporary_tablespace_name> with the new default temporary tablespace name (typically TEMP). Repeat the "alter user" for each affected user account.