| 1.3 Leverage the least privilege principle | |
| 3.1.1 Enable audit buffer | |
| 3.1.3 Require explicit authorization for cataloging | |
| 3.1.4 Disable data links support | |
| 3.1.5 Secure default database location - DFTDBPATH set to INSTANCE_HOME | |
| 3.1.7 Set diagnostic logging to capture errors and warnings | |
| 3.1.9 Require instance name for discovery requests | |
| 3.1.10 Disable instance discoverability | |
| 3.1.11 Authenticate federated users at the instance level | ACCESS CONTROL |
| 3.1.12 Enable instance health monitoring | |
| 3.1.13 Retain fenced model processes | |
| 3.1.14 Set maximum connection limits - MAX_CONNECTIONS | ACCESS CONTROL |
| 3.1.14 Set maximum connection limits - MAX_COORDAGENTS | ACCESS CONTROL |
| 3.1.15 Set administrative notification level | AUDIT AND ACCOUNTABILITY |
| 3.1.16 Enable server-based authentication | IDENTIFICATION AND AUTHENTICATION |
| 3.2.4 Secure permissions for the primary archive log location | |
| 3.2.5 Secure permissions for the secondary archive log location | |
| 3.2.6 Secure permissions for the tertiary archive log location | |
| 3.2.7 Secure permissions for the log mirror location | |
| 4.2 Review security rule exemptions | |
| 4.3 Review security label components | |
| 4.4 Review security label policies | |
| 4.5 Review security labels | |
| 5.1 Enable backup redundancy | |
| 5.2 Protect backups | |
| 5.3 Enable automatic database maintenance | |
| 5.4 Schedule Runstat and Reorg | |
| 6.1 Restrict Access to SYSCAT.AUDITPOLICIES | ACCESS CONTROL |
| 6.2 Restrict Access to SYSCAT.AUDITUSE | ACCESS CONTROL |
| 6.3 Restrict Access to SYSCAT.DBAUTH | ACCESS CONTROL |
| 6.4 Restrict Access to SYSCAT.COLAUTH | ACCESS CONTROL |
| 6.5 Restrict Access to SYSCAT.EVENTS | ACCESS CONTROL |
| 6.6 Restrict Access to SYSCAT.EVENTTABLES | ACCESS CONTROL |
| 6.7 Restrict Access to SYSCAT.ROUTINES | ACCESS CONTROL |
| 6.8 Restrict Access to SYSCAT.INDEXAUTH | ACCESS CONTROL |
| 6.9 Restrict Access to SYSCAT.PACKAGEAUTH | ACCESS CONTROL |
| 6.10 Restrict Access to SYSCAT.PACKAGES | ACCESS CONTROL |
| 6.11 Restrict Access to SYSCAT.PASSTHRUAUTH | ACCESS CONTROL |
| 6.12 Restrict Access to SYSCAT.SECURITYLABELACCESS | ACCESS CONTROL |
| 6.13 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTELEMENTS | ACCESS CONTROL |
| 6.14 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTS | ACCESS CONTROL |
| 6.15 Restrict Access to SYSCAT.SECURITYLABELS | ACCESS CONTROL |
| 6.16 Restrict Access to SYSCAT.SECURITYPOLICIES | ACCESS CONTROL |
| 6.17 Restrict Access to SYSCAT.SECURITYPOLICYCOMPONENTRULES | ACCESS CONTROL |
| 6.18 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONS | ACCESS CONTROL |
| 6.19 Restrict Access to SYSCAT.SURROGATEAUTHIDS | ACCESS CONTROL |
| 6.20 Restrict Access to SYSCAT.ROLEAUTH | ACCESS CONTROL |
| 6.21 Restrict Access to SYSCAT.ROLES | ACCESS CONTROL |
| 6.22 Restrict Access to SYSCAT.ROUTINEAUTH | ACCESS CONTROL |
| 6.23 Restrict Access to SYSCAT.SCHEMAAUTH | ACCESS CONTROL |
