Jun 17, 2024 |
May 17, 2024 Functional Update- O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures.
Added- O112-BP-025101 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files.
- O112-BP-025400 - Access to DBMS software files and directories must not be granted to unauthorized users.
- O112-BP-025600 - Network access to the DBMS must be restricted to authorized personnel.
- O112-BP-026400 - The /diag subdirectory under the directory assigned to the DIAGNOSTIC_DEST parameter must be protected from unauthorized access.
- O112-C1-004500 - DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS.
- O112-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key.
- O112-C2-011810 - Access to external executables must be disabled or restricted.
- O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts.
- O112-C2-015300 - The DBMS, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor.
- O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account.
Removed- O112-BP-025101 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files - 'AUDIT_FILE_DEST Permissions'
- O112-BP-025101 - The directory assigned to the AUDIT_FILE_DEST parameter must be protected from unauthorized access and must be stored in a dedicated directory or disk partition separate from software or other application files - 'AUDIT_FILE_DEST not in ORACLEHOME'
- O112-BP-025400 - Access to DBMS software files and directories must not be granted to unauthorized users - '/etc/profile umask < 022'
- O112-BP-025400 - Access to DBMS software files and directories must not be granted to unauthorized users - 'umask < 0022'
- O112-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - TCP.INVITED_NODES
- O112-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - TCP.VALIDNODE_CHECKING
- O112-BP-026400 - The /diag subdirectory under the directory assigned to the DIAGNOSTIC_DEST parameter must be protected from unauthorized access - Ownership
- O112-BP-026400 - The /diag subdirectory under the directory assigned to the DIAGNOSTIC_DEST parameter must be protected from unauthorized access - Permissions
- O112-C1-004500 - DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS - DBA group
- O112-C1-004500 - DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS - Root group
- O112-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key - SSL_CIPHER_SUITES
- O112-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key - SSL_CLIENT_AUTHENTICATION
- O112-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key - SSL_VERSION
- O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures - SQLNET.CRYPTO_CHECKSUM_CLIENT
- O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures - SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT
- O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures - SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER
- O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures - SQLNET.ENCRYPTION_TYPES_CLIENT
- O112-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures - SQLNET.ENCRYPTION_TYPES_SERVER
- O112-C2-011810 - Access to external executables must be disabled or restricted - 'ORACLE_HOME/hs/admin/extproc.ora exists'
- O112-C2-011810 - Access to external executables must be disabled or restricted - 'extproc does not exist'
- O112-C2-011810 - Access to external executables must be disabled or restricted - 'extproc.ora EXTPROC_DLLS=ANY does not exist'
- O112-C2-011810 - Access to external executables must be disabled or restricted - 'listener.ora EXTPROC is not in use'
- O112-C2-011810 - Access to external executables must be disabled or restricted - 'listener.ora EXTPROC_DLLS=ANY does not exist'
- O112-C2-011810 - Access to external executables must be disabled or restricted - 'run_group=nobody'
- O112-C2-011810 - Access to external executables must be disabled or restricted - 'run_user=nobody'
- O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts - SQLNET.AUTHENTICATION_SERVICES
- O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts - SSL_CIPHER_SUITES
- O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts - SSL_CLIENT_AUTHENTICATION
- O112-C2-012900 - The DBMS must use multifactor authentication for access to user accounts - SSL_VERSION
- O112-C2-015300 - The DBMS, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor - SSL_CIPHER_SUITES
- O112-C2-015300 - The DBMS, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor - SSL_CLIENT_AUTHENTICATION
- O112-C2-015300 - The DBMS, when utilizing PKI-based authentication, must validate certificates by constructing a certification path with status information to an accepted trust anchor - SSL_VERSION
- O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account - SSL_CIPHER_SUITES
- O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account - SSL_CLIENT_AUTHENTICATION
- O112-C2-015500 - The DBMS must ensure that PKI-based authentication maps the authenticated identity to the user account - SSL_VERSION
|
