Oracle Database 12c Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Rule (Medium Severity): Replication accounts must not be granted DBA privileges.
Replication accounts may be used to access databases defined for the replication architecture. An exploit of a replication on one database could lead to the compromise of any database participating...

Group SRG-APP-000516-DB-000363
Rule (Medium Severity): Network access to the DBMS must be restricted to authorized personnel.
Restricting remote access to specific, trusted systems helps prevent access by unauthorized and potentially malicious users.

Group SRG-APP-000516-DB-000363
Rule (Medium Severity): Changes to configuration options must be audited.
When standard auditing is in use, the AUDIT_SYS_OPERATIONS parameter is used to enable auditing of actions taken by the user SYS. The SYS user account is a shared account by definition and holds al...

Group SRG-APP-000516-DB-000363

Group SRG-APP-000516-DB-000363
Rule (Medium Severity): Remote database or other external access must use fully-qualified names.
The Oracle GLOBAL_NAMES parameter is used to set the requirement for database link names to be the same name as the remote database whose connection they define. By using the same name for both, am...

Group SRG-APP-000516-DB-000363
Rule (Medium Severity): The /diag subdirectory under the directory assigned to the DIAGNOSTIC_DEST parameter must be protected from unauthorized access.
<DIAGNOSTIC_DEST>/diag indicates the directory where trace, alert, core and incident directories and files are located. The files may contain sensitive data or information that could prove useful t...

Group SRG-APP-000516-DB-000363
Rule (Medium Severity): Remote administration must be disabled for the Oracle connection manager.
Remote administration provides a potential opportunity for malicious users to make unauthorized changes to the Connection Manager configuration or interrupt its service.

Group SRG-APP-000516-DB-000363
Rule (Medium Severity): Network client connections must be restricted to supported versions.
Unsupported Oracle network client installations may introduce vulnerabilities to the database. Restriction to use of supported versions helps to protect the database and helps to enforce newer, mor...

Group SRG-APP-000176-DB-000068

Group SRG-APP-000001-DB-000031

Group SRG-APP-000023-DB-000001

Group SRG-APP-000033-DB-000084
Rule (High Severity): The DBMS must enforce approved authorizations for logical access to the system in accordance with applicable policy.
Strong access controls are critical to securing application data. Access control policies (e.g., identity-based policies, role-based policies, attribute-based policies) and access enforcement mecha...

Group SRG-APP-000089-DB-000064
Rule (Medium Severity): The DBMS must provide audit record generation capability for organization-defined auditable events within the database.
Audit records can be generated from various components within the information system (e.g., network interface, hard disk, modem). From an application perspective, certain specific applicatio...

Group SRG-APP-000090-DB-000065

Group SRG-APP-000091-DB-000066

Group SRG-APP-000095-DB-000039

Group SRG-APP-000096-DB-000040

Group SRG-APP-000097-DB-000041

Group SRG-APP-000098-DB-000042
Rule (Medium Severity): The DBMS must produce audit records containing sufficient information to establish the sources (origins) of the events.
Information system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, but is not limite...

Group SRG-APP-000099-DB-000043

Group SRG-APP-000100-DB-000201

Group SRG-APP-000101-DB-000044

Group SRG-APP-000118-DB-000059

Group SRG-APP-000119-DB-000060
Rule (Medium Severity): The system must protect audit information from unauthorized modification.
If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracit...

Group SRG-APP-000120-DB-000061

Group SRG-APP-000121-DB-000202

Group SRG-APP-000122-DB-000203

Group SRG-APP-000123-DB-000204

Group SRG-APP-000133-DB-000200

Group SRG-APP-000141-DB-000090

Group SRG-APP-000141-DB-000091
Rule (Medium Severity): Unused database components, DBMS software, and database objects must be removed.
Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...

Group SRG-APP-000141-DB-000092

Group SRG-APP-000141-DB-000093

Group SRG-APP-000141-DB-000093

Group SRG-APP-000142-DB-000094

Group SRG-APP-000171-DB-000074
Rule (High Severity): The DBMS must support organizational requirements to enforce password encryption for storage.
Applications must enforce password encryption when storing passwords. Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are n...

Group SRG-APP-000175-DB-000067

Group SRG-APP-000177-DB-000069