CIS Oracle 9 10 Windows Level2 v2.01

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Oracle 9 10 Windows Level2 v2.01

Updated: 7/30/2020

Authority: CIS

Plugin: Windows

Revision: 1.20

Estimated Item Count: 84

Audit Changelog


Revision 1.20 Jul 30, 2020 Miscellaneous Audit deprecated. Metadata updated.
Revision 1.19 Apr 22, 2020 Miscellaneous Metadata updated. References updated.
Revision 1.18 Aug 5, 2019 Miscellaneous See also link updated.
Revision 1.17 Feb 8, 2019 Miscellaneous Metadata updated. References updated.
Revision 1.16 Dec 14, 2018 Informational Update 1.20 All associated application files - 'Verify permissions' 11.04 Fine grained access - 'Use fine grain access control within objects' 12.37 Oracle Installation - 'Oracle software owner account name NOT 'oracle'' 12.39 Alerts on high priority incidents - 'Create processes to alert' 12.40 Intelligent agent - 'Do not use' 12.41 Oracle Advanced Security- 'Implement if appropriate' 12.42 Application PL/SQL code- 'Wrap' 12.43 PL/SQL code variables and constants- 'Obscure' 12.44 Hard coded data in PL/SQL and application source code - 'Avoid or encrypt' 12.45 Decommissioned applications - 'Remove all components' 12.46 Usernames and passwords - 'Do not hardcode in application source code' 12.47 DDL statements in application - 'Disallow' 12.48 Reporting tool interface and authentication - 'Review' 12.49 Enabling of batch process account - 'Time enabled' 12.50 Passwords for batch processes - 'Secure' 12.51 External account access for batch processes - 'Disallow' 12.52 Object and table owners - 'Review' 12.53 Data in development databases - 'Protect' 12.54 Database links to production databases - 'Avoid links from development database' 12.55 User permissions - 'Review' 12.56 Procedures for backup tape retrieval - 'Review' 12.57 Intrusion detection system on host - 'Utilize' 12.58 Multiple listeners - 'Create separate listeners for client and administratorion' 12.60 Policy Caching - 'Policy caches must be purged' 12.61 Policy Functions - 'Users should not have execute, alter or drop privileges on policy functions' 12.62 Passwords - 'Remove password parameters from configuration files utilized for Silent Installations' 12.63 Security of transmitted data - 'Any data sent over a network must be secure or must be sent via a secure protocol.' 14.01 Oracle Label Security - 'Where possible use Oracle Label Security' 14.02 Oracle Label Security - 'Hide label column' 14.03 Oracle Label Security - 'Include LABEL_UPDATE' 14.04 Oracle Label Security - 'Limit manipulation' 14.05 Oracle Label Security - 'Have a secure and separate data copy before implementing OLS.' 14.06 Oracle Label Security - 'Where applicable and possible, store labels in the Oracle Internet Directory(OID)' 14.07 RAID file system - 'Implement' 14.08 Magnetically wipe failed disks - 'Implement' 14.09 Backups on system disks - 'Verify permissions' 14.10 Off site backup storage - 'Implement' 14.11 Recovery procedures - 'Document and Test' 14.12 Backup and restore procedures - 'Document and Test' 14.13 Screening router - 'Implement to restrict access to database host' 14.14 Personal firewall - 'Implement on database administration machines' 2.11 Third party default passwords - 'Set all default account passwords to non-default strong password' 4.27 Accounts - 'Lock account access for application schema owners' 5.01 OAS - 'General - Review requirement for integrity and confidentiality requirements' 5.07 OAS - Encryption Methods - 'Encryption keys for both client and server must be set to the maximum feasible value.' 5.10 OAS - 'Oracle Wallet Owner Permissions - Set Configuration method for Oracle Wallet. ' 5.11 OAS - 'Oracle Wallet Trusted Certificates - Remove certificate authorities (CAs) that are not required.' 5.12 OAS - 'Oracle Wallet Trusted Certificates Import - When adding CAs, verify fingerprint of CA certificates' 5.13 OAS - 'Certificate Request Key Size - Request the maximum key size.' 5.14 OAS - 'Server Oracle Wallet Auto Login - Allow Auto Login for the server's Oracle Wallet' 5.15 OAS - 'SSL Tab - SSL is preferred method. If PKI is not possible, use OAS Integrity/Encryption.' 5.20 OAS - 'Encryption Tab - Use OAS encryption only if SSL is not feasible' 5.21 Encryption - 'Use a procedure that employs a content data element as the encryption key that is unique for each record.' 5.22 Encryption - 'Use RAW or BLOB for the storage of encrypted data' 5.23 Encryption - 'Use a virtual private database (VPD) to protect rows by implementing Oracle Label Security(OLS).' 7.08 Failsafe - 'Failsafe must be engaged' Miscellaneous Metadata updated. References updated.