| DISA_STIG_Oracle_Database_12c_v3r1_OS_Windows.audit from DISA Oracle Database 12c v3r1 STIG | |
| O121-BP-022200 - The Oracle password file ownership and permissions should be limited and the REMOTE_LOGIN_PASSWORDFILE parameter must be set to EXCLUSIVE or NONE. | CONFIGURATION MANAGEMENT |
| O121-BP-022700 - The Oracle Listener must be configured to require administration authentication. | CONFIGURATION MANAGEMENT |
| O121-BP-024100 - DBMS production application and data directories must be protected from developers on shared production/development DBMS host systems. | CONFIGURATION MANAGEMENT |
| O121-BP-025400 - Access to DBMS software files and directories must not be granted to unauthorized users. | CONFIGURATION MANAGEMENT |
| O121-BP-025600 - Network access to the DBMS must be restricted to authorized personnel. | CONFIGURATION MANAGEMENT |
| O121-BP-026500 - Remote administration must be disabled for the Oracle connection manager. | CONFIGURATION MANAGEMENT |
| O121-BP-026600 - Network client connections must be restricted to supported versions. | CONFIGURATION MANAGEMENT |
| O121-C1-004500 - DBA OS accounts must be granted only those host system privileges necessary for the administration of the DBMS. | CONFIGURATION MANAGEMENT |
| O121-C1-015400 - The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key. | IDENTIFICATION AND AUTHENTICATION |
| O121-C1-019700 - The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission unless the transmitted data is otherwise protected by alternative physical measures. | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-C2-001700 - The DBMS must support the disabling of network protocols deemed by the organization to be nonsecure. | CONFIGURATION MANAGEMENT |
| O121-C2-004400 - OS accounts utilized to run external procedures called by the DBMS must have limited privileges. | CONFIGURATION MANAGEMENT |
| O121-C2-011810 - Access to external executables must be disabled or restricted. | CONFIGURATION MANAGEMENT |
| O121-C2-012900 - The DBMS must use multifactor authentication for access to user accounts. | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-014600 - The DBMS must support organizational requirements to enforce password encryption for storage. | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-015100 - DBMS passwords must not be stored in compiled, encoded, or encrypted batch jobs or compiled, encoded, or encrypted application source code. | CONFIGURATION MANAGEMENT |
| O121-C2-016600 - The DBMS must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-019100 - The DBMS must protect against or limit the effects of organization-defined types of Denial of Service (DoS) attacks. | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-N1-015602 - When using command-line tools such as Oracle SQL*Plus, which can accept a plain-text password, users must use an alternative logon method that does not expose the password. | CONFIGURATION MANAGEMENT |
| O121-OS-011200 - The OS must limit privileges to change the DBMS software resident within software libraries (including privileged programs). | CONFIGURATION MANAGEMENT |
