DISA STIG Oracle 12c v2r2 Windows

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Oracle 12c v2r2 Windows

Updated: 2/1/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.1

Estimated Item Count: 33

Audit Items

Description	Categories
O121-BP-022200 - The Oracle password file ownership and permissions should be limited and the REMOTE_LOGIN_PASSWORDFILE parameter must be set to EXCLUSIVE or NONE.	ACCESS CONTROL, CONFIGURATION MANAGEMENT
O121-BP-024100 - DBMS production application and data directories must be protected from developers on shared production/development DBMS host systems.	ACCESS CONTROL
O121-BP-025400 - Access to DBMS software files and directories must not be granted to unauthorized users.
O121-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - Rules	SYSTEM AND COMMUNICATIONS PROTECTION
O121-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - tcp.invited_nodes=	SYSTEM AND COMMUNICATIONS PROTECTION
O121-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - tcp.validnode_checking=YES	SYSTEM AND COMMUNICATIONS PROTECTION
O121-BP-026500 - Remote administration must be disabled for the Oracle connection manager.	ACCESS CONTROL, CONFIGURATION MANAGEMENT
O121-BP-026600 - Network client connections must be restricted to supported versions - SQLNET.ALLOWED_LOGON_VERSION_CLIENT	CONFIGURATION MANAGEMENT
O121-BP-026600 - Network client connections must be restricted to supported versions - SQLNET.ALLOWED_LOGON_VERSION_SERVER	CONFIGURATION MANAGEMENT
O121-C1-004500 - DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS.
O121-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key - SSL_CIPHER_SUITES	IDENTIFICATION AND AUTHENTICATION
O121-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key - SSL_CLIENT_AUTHENTICATION	IDENTIFICATION AND AUTHENTICATION
O121-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key.	IDENTIFICATION AND AUTHENTICATION
O121-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures - CLIENT	SYSTEM AND COMMUNICATIONS PROTECTION
O121-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures - SERVER	SYSTEM AND COMMUNICATIONS PROTECTION
O121-C2-001700 - The DBMS must support the disabling of network protocols deemed by the organization to be nonsecure.	CONFIGURATION MANAGEMENT
O121-C2-004400 - OS accounts utilized to run external procedures called by the DBMS must have limited privileges - run_group	CONFIGURATION MANAGEMENT
O121-C2-004400 - OS accounts utilized to run external procedures called by the DBMS must have limited privileges - run_user	CONFIGURATION MANAGEMENT
O121-C2-011810 - Access to external executables must be disabled or restricted - 'extproc.ora EXTPROC_DLLS=ANY does not exist'	ACCESS CONTROL
O121-C2-011810 - Access to external executables must be disabled or restricted - 'listener.ora EXTPROC_DLLS=ANY does not exist'	CONFIGURATION MANAGEMENT
O121-C2-011810 - Access to external executables must be disabled or restricted - 'run_user=nobody'	CONFIGURATION MANAGEMENT
O121-C2-011810 - Access to external executables must be disabled or restricted - extproc does not exist	CONFIGURATION MANAGEMENT
O121-C2-011810 - Access to external executables must be disabled or restricted - listener.ora EXTPROC is not in use	CONFIGURATION MANAGEMENT
O121-C2-011810 - Access to external executables must be disabled or restricted - ORACLE_HOME/hs/admin/extproc.ora exists	CONFIGURATION MANAGEMENT
O121-C2-011810 - Access to external executables must be disabled or restricted - run_group=nobody	CONFIGURATION MANAGEMENT
O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts - SQLNET.AUTHENTICATION_SERVICES	IDENTIFICATION AND AUTHENTICATION
O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts - SSL_CIPHER_SUITES	IDENTIFICATION AND AUTHENTICATION
O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts - SSL_CLIENT_AUTHENTICATION	IDENTIFICATION AND AUTHENTICATION
O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts - SSL_VERSION	IDENTIFICATION AND AUTHENTICATION
O121-C2-014600 - The DBMS must support organizational requirements to enforce password encryption for storage.
O121-C2-015100 - DBMS passwords must not be stored in compiled, encoded, or encrypted batch jobs or compiled, encoded, or encrypted application source code.
O121-C2-019100 - The DBMS must protect against or limit the effects of organization-defined types of Denial of Service (DoS) attacks.	SYSTEM AND COMMUNICATIONS PROTECTION
O121-N1-015602 - When using command-line tools such as Oracle SQL*Plus, which can accept a plain-text password, users must use an alternative logon method that does not expose the password.

Detections

Analytics

DISA STIG Oracle 12c v2r2 Windows

Warning! Audit Deprecated

Audit Details

Audit Items