Revision 1.16Dec 14, 2018
Informational Update
- 1.20 All associated application files - 'Verify permissions'
- 11.04 Fine grained access - 'Use fine grain access control within objects'
- 12.37 Oracle Installation - 'Oracle software owner account name NOT 'oracle''
- 12.39 Alerts on high priority incidents - 'Create processes to alert'
- 12.40 Intelligent agent - 'Do not use'
- 12.41 Oracle Advanced Security- 'Implement if appropriate'
- 12.42 Application PL/SQL code- 'Wrap'
- 12.43 PL/SQL code variables and constants- 'Obscure'
- 12.44 Hard coded data in PL/SQL and application source code - 'Avoid or encrypt'
- 12.45 Decommissioned applications - 'Remove all components'
- 12.46 Usernames and passwords - 'Do not hardcode in application source code'
- 12.47 DDL statements in application - 'Disallow'
- 12.48 Reporting tool interface and authentication - 'Review'
- 12.49 Enabling of batch process account - 'Time enabled'
- 12.50 Passwords for batch processes - 'Secure'
- 12.51 External account access for batch processes - 'Disallow'
- 12.52 Object and table owners - 'Review'
- 12.53 Data in development databases - 'Protect'
- 12.54 Database links to production databases - 'Avoid links from development database'
- 12.55 User permissions - 'Review'
- 12.56 Procedures for backup tape retrieval - 'Review'
- 12.57 Intrusion detection system on host - 'Utilize'
- 12.58 Multiple listeners - 'Create separate listeners for client and administratorion'
- 12.60 Policy Caching - 'Policy caches must be purged'
- 12.61 Policy Functions - 'Users should not have execute, alter or drop privileges on policy functions'
- 12.62 Passwords - 'Remove password parameters from configuration files utilized for Silent Installations'
- 12.63 Security of transmitted data - 'Any data sent over a network must be secure or must be sent via a secure protocol.'
- 14.01 Oracle Label Security - 'Where possible use Oracle Label Security'
- 14.02 Oracle Label Security - 'Hide label column'
- 14.03 Oracle Label Security - 'Include LABEL_UPDATE'
- 14.04 Oracle Label Security - 'Limit manipulation'
- 14.05 Oracle Label Security - 'Have a secure and separate data copy before implementing OLS.'
- 14.06 Oracle Label Security - 'Where applicable and possible, store labels in the Oracle Internet Directory(OID)'
- 14.07 RAID file system - 'Implement'
- 14.08 Magnetically wipe failed disks - 'Implement'
- 14.09 Backups on system disks - 'Verify permissions'
- 14.10 Off site backup storage - 'Implement'
- 14.11 Recovery procedures - 'Document and Test'
- 14.12 Backup and restore procedures - 'Document and Test'
- 14.13 Screening router - 'Implement to restrict access to database host'
- 14.14 Personal firewall - 'Implement on database administration machines'
- 2.11 Third party default passwords - 'Set all default account passwords to non-default strong password'
- 4.27 Accounts - 'Lock account access for application schema owners'
- 5.01 OAS - 'General - Review requirement for integrity and confidentiality requirements'
- 5.07 OAS - Encryption Methods - 'Encryption keys for both client and server must be set to the maximum feasible value.'
- 5.10 OAS - 'Oracle Wallet Owner Permissions - Set Configuration method for Oracle Wallet. '
- 5.11 OAS - 'Oracle Wallet Trusted Certificates - Remove certificate authorities (CAs) that are not required.'
- 5.12 OAS - 'Oracle Wallet Trusted Certificates Import - When adding CAs, verify fingerprint of CA certificates'
- 5.13 OAS - 'Certificate Request Key Size - Request the maximum key size.'
- 5.14 OAS - 'Server Oracle Wallet Auto Login - Allow Auto Login for the server's Oracle Wallet'
- 5.15 OAS - 'SSL Tab - SSL is preferred method. If PKI is not possible, use OAS Integrity/Encryption.'
- 5.20 OAS - 'Encryption Tab - Use OAS encryption only if SSL is not feasible'
- 5.21 Encryption - 'Use a procedure that employs a content data element as the encryption key that is unique for each record.'
- 5.22 Encryption - 'Use RAW or BLOB for the storage of encrypted data'
- 5.23 Encryption - 'Use a virtual private database (VPD) to protect rows by implementing Oracle Label Security(OLS).'
- 7.08 Failsafe - 'Failsafe must be engaged'
Miscellaneous
- Metadata updated.
- References updated.