AnsweredAssumed Answered

CID 8099 Oracle control and PI number

Question asked by pl2015 on Jan 20, 2016
Latest reply on Jan 20, 2016 by Qsingh

In Control 8099 PC performs a check on Status of the direct privileges for a proxy user; "does not contain [a-zA-Z0-9]" plus it evaluates a checkbox "Privilege not found".

When I performed this check on an Oracle instance 11g, the control returns "314159265358979".

 

I've read at Qualys "Improving Policy Editing and Reporting" and if I'm correctly, the checkbox above should have resolved this in a more sentence way.

 

I like to know how I now should evaluate this control.

  • Is this a false positive and need Qualys to correct this?
  • Is it possible to give an insight what the control is actually checking?
  • Is this the same as described in the CIS benchmark for this platform or does this deviates? And if so what is the rationale?

 

Looking forward to your respons,

Thanks in advance Paul

Outcomes