Oracle 12c Database STIG Breakdown

This post contains a listing of all 199 Oracle 12c Database STIG controls from Release 16 (24 January 2020), organized by the five major categories of database security...

FIPS is a Four Letter Word

FIPS is a four letter word. It is also a source of some confusion when it comes to the Oracle database and DISA STIG compliance, which I will attempt to sort out to the best of my ability in this post.

How to Limit a User Connection to a Specific IP Address

Seriously, I find all the best questions about Oracle security on forums like Oracle Communities and AskTom. Sometimes I need to be careful, though. I have a tendency to jump right to implementation details in my head without always considering all of the ramifications of the original question. Sometimes the answers seem immediately obvious, but it doesn't usually take long before someone offers an observation that makes me sit back and think that maybe my first instinct needs some qualification. Case in point...

Production vs. Development Systems

There are several STIG items that deal with the differences between production and non-production systems.

Rule Title: Developers should not be assigned excessive privileges on production databases.
Vuln ID: V-15114
Severity: CAT III
Rule Version (STIG-ID): DG0089-ORACLE11
Discussion: Developers play a unique role and represent a specific type of threat to the security of the DBMS.