
RE: DOD security

From: Goulet, Dick <DGoulet_at_vicr.com>
Date: Wed, 6 Jul 2005 12:35:35 -0400
Message-ID: <4001DEAF7DF9BD498B58B45051FBEA6502A51FDF@25exch1.vicorpower.vicr.com>


Ruth,  

    It has been a LONG time since I was involved with a project like this and even then we were using a "special" version of Oracle called Trusted Oracle. Don't know if it's available anymore. Anyhow it was a project for Strategic Air Command, now Air Combat Command, that was very classified. The Trusted Oracle had provisions in it to declare data at the row and column levels as having a classification of Top Secret, Secret, Confidential, Restricted, and Unclassified. People also had security attached to them. It was kinda interesting as you'd select data from a table and rows and columns would null out based on the assigned security of the data involved and the clearance you had. Auditing was also automatic for anything other than Unclassified. Managing the security was also a full time job for one person.  

Dick Goulet, MSgt, USAF(retired)


From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Ruth Gramolini
Sent: Wednesday, July 06, 2005 11:31 AM
To: oracle-l
Subject: DOD security

Good morning all;  

We are in the process of complying with the IRS security regulations. This is a requirement since our systems contain IRS data. They have adopted the regulations as designed by the DOD as outlined in 'Database Security Technical Implementation Guide Version 7 Release 1'. Has anyone implemented the requirements for an Oracle Database? If so, would you be willing to share your implementation plan with me? We are running Oracle on AIX boxes. Specifically, I would like to know if you use Oracle auditing and if so what are you auditing. If you are using the OS for auditing we would like to know the how's and how to's about this too.

We do have a security log built into our application and this should cover some of the requirements. However, it might just be easier to implement Oracle auditing on the entire database.  

If anyone would be willing to answer specific questions off list that would be a help too.  

Thanks in advance,   

Ruth Gramolini
Oracle DBA
Vermont Department of Taxes
Phone 802-828-5708
Email rgramolini_at_tax.state.vt.us    

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Jul 06 2005 - 11:38:03 CDT
