Securing your data through preventative measures has never been more important than it is today. With the high rate of change in DevOps-oriented development teams and the proliferation of data across on-premise and cloud environments, it has become challenging for organizations to rely on traditional manual efforts and best practices to maintain configuration control. Any undetected insecure configuration change increases the risk of security exposure. With the massive amount of sensitive data in your data center and in databases hosted in cloud IaaS environments, it only takes a single mistake for the “bad guys” to be able to exploit a misconfiguration and exfiltrate your data.
Configuration and Compliance management has been part of Oracle Enterprise Manager Database Lifecycle Management for a long time, with out-of-box support for security standards like Security Technical Implementation Guide (STIG) and Oracle’s security best practices for Oracle Database instances. Now, Oracle Enterprise Manager has been certified by The Center for Internet Security (CIS) Benchmarks™ for both Traditional and Unified auditing profiles. This will enable continuous monitoring of the security posture of Oracle Database configuration against the profiles contained in the CIS Benchmark for Oracle Database 12c v2.1.0, Level 1 - RDBMS. Organizations that leverage Oracle Enterprise Manager can now ensure that the configurations of their critical assets align with the CIS Benchmarks consensus-based security standards.
“Data security is critical for all enterprises, large and small. With the latest release update, Enterprise Manager is now certified by the Center for Internet Security (CIS), and we have also incorporated new compliance standards from other third parties such as STIG from the US Department of Defense. We are also shipping several new Oracle-provided security standards. These capabilities help to secure database configurations and improve our customers’ cyberdefense posture.”
Mughees Minhas, Product Management Vice President, Enterprise and Cloud Manageability
The CIS v2.1.0 benchmark supports best practices for both Traditional and Unified auditing profiles in Oracle 12c Database for Single-Instance Database and Cluster Database instances. Below is a screenshot of what the listings look like in the Enterprise Manager Compliance Framework.
Figure 1. CIS Benchmarks as they appear in the Enterprise Manager user interface.
CIS provides comprehensive configuration coverage for Oracle Database, categorized into:
Below are various configuration areas covered for each category:
Figure 2. Configuration areas in the CIS Benchmarks for Oracle Database.
With Oracle Enterprise Manager, you can use the out-of-box CIS benchmark for your Oracle Database assets, or you can customize any of the agent-side compliance rules with the SQL queries provided to align with your IT Security Policy. These agent-side rules help you:
In addition to the CIS Benchmarks included in the latest release of Oracle Enterprise Manager, we’ve also included new Oracle-provided Security benchmarks for Database 18 and 19. We’re committed to continuing to bring you best-in-class security offerings to harden your security posture across your data estate, whether on-premise or in the cloud.
For more information about Oracle Enterprise Manager, visit https://www.ciscecurity.org. and for more information about the Center for Internet Security (CIS), visit