1.13 Oracle software owner host account - 'Lock account' | ACCESS CONTROL |
1.14 All associated application files - 'Verify permissions' | |
2.06 listener.ora - 'Use IP addresses rather than hostnames' | CONFIGURATION MANAGEMENT |
2.10 OEM objects - 'Remove if OEM not used' | CONFIGURATION MANAGEMENT |
2.11 listener.ora - 'Change standard ports' | CONFIGURATION MANAGEMENT |
2.14 Oracle Installation - 'Oracle software owner account name NOT oracle' | ACCESS CONTROL |
2.15 Oracle Installation - 'Separate users for different components of Oracle' | |
4.12 init.ora - 'sql92_security = TRUE' | ACCESS CONTROL |
4.13 listener.ora - 'admin_restrictions_listener_name = on' | ACCESS CONTROL |
4.16 init.ora - 'o7_dictionary_accessibility = FALSE' | ACCESS CONTROL |
4.17 spfile<sid>.ora - 'Remove the following from the spfile: dispatchers= (PROTOCOL=TCP) (SERVICE=<sid>XDB)' | CONFIGURATION MANAGEMENT |
4.18 init.ora - 'audit_sys_operations = TRUE' | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
4.18 spfile<sid>.ora - 'audit_sys_operations = TRUE' | AUDIT AND ACCOUNTABILITY |
4.19 listener.ora - 'inbound_connect_timeout_listener = 2' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
4.20 sqlnet.ora - 'tcp.validnode_checking = YES' | SYSTEM AND COMMUNICATIONS PROTECTION |
4.21 sqlnet.ora - 'Set tcp.invited_nodes to valid values' | SYSTEM AND COMMUNICATIONS PROTECTION |
4.22 sqlnet.ora - 'Set tcp.excluded_nodes to valid values' | SYSTEM AND COMMUNICATIONS PROTECTION |
4.23 sqlnet.ora - 'sqlnet.inbound_connect_timeout = 3' | SYSTEM AND COMMUNICATIONS PROTECTION |
4.24 sqlnet.ora - 'sqlnet.expire_time = 10' | ACCESS CONTROL |
4.26 init.ora - 'remote_login_passwordfile = NONE' | ACCESS CONTROL |
4.27 sqlnet.ora - 'sqlnet.allowed_logon_version = 11' | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
4.28 listener.ora - 'Use absolute paths in ENVS parameters' | CONFIGURATION MANAGEMENT |
4.29 cman.ora - 'remote_admin = NO' | CONFIGURATION MANAGEMENT |
4.30 listener.ora, tnsnames.ora - 'Disable external procedures' | |
4.31 init.ora - 'sec_return_server_release_banner = FALSE' | CONFIGURATION MANAGEMENT |
4.32 init.ora - 'db_securefile = ALWAYS' | CONFIGURATION MANAGEMENT |
4.39 listener.ora - 'secure_control_listener_name = (TCP,IPC)' | ACCESS CONTROL |
4.41 listener.ora - 'secure_register_listener_name = (TCP,IPC)' | ACCESS CONTROL |
4.42 listener.ora - 'dynamic_registration_listener_name = OFF' | ACCESS CONTROL |
5.01 OAS - 'General - Review requirement for integrity and confidentiality requirements' | |
5.02 OAS - 'Encryption Type - sqlnet.encryption_server = REQUIRED' | ACCESS CONTROL |
5.03 OAS - 'Encryption Type - sqlnet.encryption_client = REQUIRED' | ACCESS CONTROL |
5.04 OAS - 'FIPS Compliance - sslfips_140 = TRUE' | SYSTEM AND COMMUNICATIONS PROTECTION |
5.05 OAS - 'Integrity Protection - sqlnet.crypto_checksum_client = REQUIRED' | ACCESS CONTROL |
5.05 OAS - 'Integrity Protection - sqlnet.crypto_checksum_server = REQUIRED' | ACCESS CONTROL |
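5.06 OAS - 'Integrity Protection - sqlnet.crypto_checksum_types_server = (SHA1)' (note: SHA1 is a legacy hash; newer Oracle releases accept SHA-2 checksum types, which are preferable where available) | ACCESS CONTROL |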
5.07 OAS - 'Oracle Wallet Owner Permissions - Set Configuration method for Oracle Wallet.' | |
5.08 OAS - 'Oracle Wallet Trusted Certificates - Remove certificate authorities (CAs) that are not required.' | SYSTEM AND COMMUNICATIONS PROTECTION |
5.09 OAS - 'Oracle Wallet Trusted Certificates Import - When adding CAs, verify fingerprint of CA certificates' | |
5.10 OAS - 'Certificate Request Key Size - Request the maximum key size.' | |
5.11 OAS - 'Server Oracle Wallet Auto Login - Allow Auto Login for the server's Oracle Wallet' | |
5.12 OAS - 'SSL Tab - SSL is preferred method. If PKI is not possible, use OAS Integrity/Encryption.' | |
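5.13 OAS - 'SSL Version - Set SSL version ssl_version = 3.0' (note: SSL 3.0 is deprecated by RFC 7568; where the Oracle release supports it, require a current TLS version instead) | CONFIGURATION MANAGEMENT |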
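5.14 OAS - 'SSL Cipher Suite - Set SSL Cipher Suite. ssl_cipher_suites = SSL_RSA_WITH_3DES_EDE_CBC_SHA' (note: 3DES is a legacy 64-bit block cipher; prefer an AES-based suite where the Oracle release supports one) | SYSTEM AND COMMUNICATIONS PROTECTION |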
5.15 OAS - 'SSL Client DN Match - Set tnsnames file to include ssl_server_cert_dn parameter with the DN of the certificate' | CONFIGURATION MANAGEMENT |
5.16 OAS - 'SSL Client Authentication - ssl_client_authentication = TRUE' | ACCESS CONTROL |
5.17 OAS - 'Encryption Tab - Use OAS encryption only if SSL is not feasible' | |
5.18 Encryption - 'Where possible, use a procedure that employs a content data element as the encryption key that is unique for each record' | |
5.19 Encryption - 'Use RAW or BLOB for the storage of encrypted data' | |
5.20 Encryption - 'If keys are stored in a table in the database, access to the keys should be limited under a secure role' | |