CIS Oracle Database 11g Benchmark v1.0.1 Checklist Details

Supporting Resources:

Target:

Oracle Database 11g (CPE name: cpe:/a:oracle:database_server:11)

Checklist Highlights

Checklist Name:
CIS Oracle Database 11g Benchmark
Checklist ID:
265
Version:
v1.0.1
Type:
Compliance
Review Status:
Archived
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
01/23/2009

Checklist Summary:

This document is derived from research conducted using the Oracle 11g program, Oracle's Technology Network (otn.oracle.com), various published books, and the Oracle 11g Database Security Guidelines. It provides the necessary settings and procedures for the secure installation, setup, configuration, and operation of an Oracle 11g database environment. With the use of the settings and procedures in this document, an Oracle database may be secured from conventional out-of-the-box threats. Recognizing that security cannot and should not be limited to only the application, the scope of this document is not limited to Oracle-specific settings or configurations, but also addresses backups, archive logs, best practices, processes, and procedures that are applicable to general software and hardware security.

Checklist Role:

  • Database Management System

Known Issues:

Not provided.

Target Audience:

Database Administrator

Target Operational Environment:

  • Managed

Testing Information:

Applicable items were verified and tested against an Oracle 11g default install on Red Hat Enterprise Server 5. The Oracle version used was 11.1.0.6.0. Where the default setting is less secure than the recommended setting, a caution has been provided in the comment section below the separator bar or as a note below a chapter heading. Default installs for both the operating system and the database may differ depending on the versions and options installed, so this is to be used as a general guide only. Linux settings should translate to other varieties of Linux, but were only tested against RHEL5. If any differences are found, please contact the CIS team.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Proper use of the recommendations requires careful analysis and adaptation to specific user requirements. The recommendations are not in any way intended to be a quick fix for anyone's information security needs. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the products or the recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any product or recommendation. CIS is providing the products and the recommendations as is and as available without representations, warranties or covenants of any kind.

Product Support:

http://www.oracle.com/support/index.html

Point of Contact:

cis-feedback@cisecurity.org

Sponsor:

Not provided.

Licensing:

Oracle Technology Network Developer License Terms

Change History:

08-12-2008-Version 1.0.0-Initial Public Release
01-23-2009-Version 1.0.1
Updated URL - 7/26/19
updated status to archived - 2/23/24

NIST checklist record last modified on 02/23/2024