compliance framework

Associating Oracle Database 12c Databases with Compliance Standards

In my last post, I walked you through the first part of installing the Oracle Database 12c STIG compliance standards sample code. The next step to using these compliance standards is to associate your Oracle Database 12c databases with these standards. You may recall there are two separate standards in the sample code, one for multitenant databases and the other for conventional architecture databases. The process of associating the databases is the same in each case. You simply have to choose the compliance standard that matches your architecture. In this walkthrough, I will show you how to associate a multitenant database with the “Oracle 12c PDB STIG” compliance standard.

The first step is to go to the “Compliance Standards” tab on the “Compliance Framework” page. To access this, follow the menu path “Enterprise” -> “Compliance” -> “Library”:

Installing the Oracle Database 12c STIG Compliance Standard Sample Code

In a recent post, I announced the release of some sample code that created two new compliance standards for DISA’s Oracle Database 12c Security Technical Implementation Guide. The sample code includes details on how to install the compliance standards, but I wanted to walk you through an example of installing it with screenshots and more commentary than is in the sample code. So let’s start off with some of the assumptions you need to be aware of.

Sample Code Prerequisite Assumptions

As I mentioned in the post announcing the sample code, there are some inbuilt assumptions when using this sample code:

Oracle Database 12c STIG Compliance Standard sample code is here!

One of the most requested features in the compliance management area has been a compliance standard for Oracle Database 12c. As most of you would know, Oracle Database 12c has been out for quite some time, and indeed Larry Ellison has just announced at OOW2016 availability of Oracle Database 12cR2 in Oracle’s public cloud offering. However, as I discussed in another post earlier this year, creating a new STIG compliance standard is not a simple matter. In fact, we are still working on integrating the DISA Oracle Database 12c compliance standard into Enterprise Manager Cloud Control 13c.