
An Oracle blog about Oracle Enterprise Manager and Oracle Management Cloud

  • June 3, 2020

Enterprise Manager CIS Benchmark Certification Secures Oracle Database Configuration

Harish Niddagatta
Product Manager

Securing your data through preventative measures has never been more important than it is today. With the high rate of change in DevOps-oriented development teams and the proliferation of data across on-premise and cloud environments, it has become challenging for organizations to rely on traditional manual efforts and best practices to maintain configuration control. Any undetected insecure configuration change increases the risk of security exposure. With the massive amount of sensitive data in your data center and databases hosted in cloud IaaS environments, it only takes a single mistake for the “bad guys” to be able to exploit a misconfiguration and exfiltrate your data.

Configuration and compliance management has long been part of Oracle Enterprise Manager Database Lifecycle Management, with out-of-box support for security standards like the Security Technical Implementation Guide (STIG) and Oracle’s security best practices for Oracle Database instances. Now, Oracle Enterprise Manager has been certified by The Center for Internet Security (CIS) Benchmarks™ for both Traditional and Unified auditing profiles. This will enable continuous monitoring of the security posture of Oracle Database configuration against the profiles contained in the CIS Benchmark for Oracle Database 12c v2.1.0, Level 1 - RDBMS. Organizations that leverage Oracle Enterprise Manager can now ensure that the configurations of their critical assets align with the CIS Benchmarks consensus-based security standards.

“Data security is critical for all enterprises, large and small. With the latest release update, Enterprise Manager is now certified by the Center for Internet Security (CIS), and we have also incorporated new compliance standards from other third parties such as STIG from the US Department of Defense. We are also shipping several new Oracle-provided security standards. These capabilities help to secure database configurations and improve our customers’ cyberdefense posture.”

Mughees Minhas, Product Management Vice President, Enterprise and Cloud Manageability

The CIS v2.1.0 benchmark supports best practices for both Traditional and Unified auditing profiles in Oracle 12c Database for Single-Instance Database and Cluster Database instances. Below is a screenshot of what the listings look like in the Enterprise Manager Compliance Framework.

Figure 1.  CIS Benchmarks as they appear in the Enterprise Manager user interface.

CIS provides comprehensive configuration coverage for Oracle Database, organized into the following categories:

  • Installation
  • Parameters
  • Connectivity
  • User Privileges
  • Auditing

Below are various configuration areas covered for each category:

Figure 2.  Configuration areas in the CIS Benchmarks for Oracle Database.

With Oracle Enterprise Manager, you can use the out-of-box CIS benchmark for your Oracle Database assets, or you can customize any of the agent-side compliance rules, using the SQL queries provided, to align with your IT security policy. These agent-side rules help you:

  • Continuously monitor any configuration vulnerability
  • Assess whether users and administrators have the least amount of privileges required
  • Audit all administrative privileges
  • Remediate any violations

In addition to the CIS Benchmarks included in the latest release of Oracle Enterprise Manager, we’ve also included new Oracle-provided Security benchmarks for Database 18 and 19.  We’re committed to continuing to bring you best-in-class security offerings to harden your security posture across your data estate, whether on-premise or in the cloud.

For more information about Oracle Enterprise Manager, visit http://www.oracle.com/enterprise-manager and for more information about the Center for Internet Security (CIS), visit https://www.cisecurity.org.
