TickYouOff
Sign in
Back
🔒

Oracle Database 19c STIG

Hard 16 items · 1 week
testuser's avatar
testuser Published 1 month ago
Security

This checklist distills key steps from the Oracle Database 19c Security Technical Implementation Guide (STIG) to secure Oracle databases in managed environments. It’s for DBAs, system administrators, and security teams implementing DoD-aligned controls and hardening measures.

Source: https://ncp.nist.gov/checklist/1275

Progress
0 / 16
  1. Inventory database and take full backup — Record versions, patch level, configuration, and take a verified full backup before changes.
  2. Apply Oracle CPU and PSU patches — Install latest Critical Patch Updates and Patch Set Updates from Oracle.
  3. Secure SYS and SYSTEM accounts — Lock or rename default accounts and use dedicated administrative accounts.
  4. Enforce least privilege for database accounts — Remove unnecessary DBA roles and grant minimal privileges required for tasks.
  5. Configure strong password and authentication policies — Set complexity, expiration, reuse, and account lockout policies per guidelines.
  6. Enable and configure unified auditing — Turn on unified audit framework to capture privileged and security-related events.
  7. Enable Oracle unified auditing — Activate unified auditing at the database level if not already enabled.
  8. Create audit policies for privileged actions — Define and enable policies for SYS, DDL, privilege changes, and login failures.
  9. Encrypt sensitive data at rest using Transparent Data Encryption (TDE) — Enable TDE for tablespaces or columns that store sensitive information.
  10. Enable TLS for client connections and secure interconnect — Configure strong ciphers and enforce certificate validation for clients and replication.
  11. Secure Oracle Net Listener configuration — Restrict listener access, require valid node checking, and remove unsecured endpoints.
  12. Restrict network access and firewall database ports — Limit database ports to authorized hosts, and use network segmentation.
  13. Harden file system and OS permissions for Oracle files — Ensure proper ownership and minimal permissions on Oracle binaries and datafiles.
  14. Remove or disable unused sample schemas and demo objects — Drop or secure sample schemas and example code that could expose data.
  15. Implement monitoring and log review procedures — Forward audit logs to SIEM and schedule regular reviews of security events.
  16. Schedule regular backup restore and disaster recovery tests — Periodically test restores to validate backups and recovery procedures.
Sign in to save
📝 My Notes