In my last post, I walked you through the first part of installing the Oracle Database 12c STIG compliance standards sample code. The next step to using these compliance standards is to associate your Oracle Database 12c databases with these standards. You may recall there are two separate standards in the sample code, one for multitenant databases and the other for conventional architecture databases. The process of associating the databases is the same in each case. You simply have to choose the compliance standard that matches your architecture. In this walkthrough, I will show you how to associate a multitenant database with the “Oracle 12c PDB STIG” compliance standard.
The first step is to go to the “Compliance Standards” tab on the “Compliance Framework” page. To access this, follow the menu path “Enterprise” -> “Compliance” -> “Library”:
In a recent post, I announced the release of some sample code that created two new compliance standards for DISA’s Oracle Database 12c Security Technical Implementation Guide. The sample code includes details on how to install the compliance standards, but I wanted to walk you through an example of installing it with screenshots and more commentary than is in the sample code. So let’s start off with some of the assumptions you need to be aware of.
As I mentioned in the post announcing the sample code, there are some inbuilt assumptions when using this sample code:
One of the most requested features in the compliance management area has been a compliance standard for Oracle Database 12c. As most of you would know, Oracle Database 12c has been out for quite some time, and indeed Larry Ellison has just announced at OOW2016 availability of Oracle Database 12cR2 in Oracle’s public cloud offering. However, as I discussed in another post earlier this year, creating a new STIG compliance standard is not a simple matter. In fact, we are still working on integrating the DISA Oracle Database 12c compliance standard into Enterprise Manager Cloud Control 13c.
This blog post was prompted by a comment on my website by Chris Peterson, where he asked why the 11g STIG checklist doesn’t work against Oracle Database 12c. This required a more comprehensive answer than I could give in a simple comment, so that’s what this blog post is all about. Let’s start off with a bit of an introduction for those of you that are asking, “What the heck is a STIG anyway?”
Yesterday I wrote a post on the ORAchk / EXAchk plug-in in Enterprise Manager Cloud Control 13c, and I promised I would write another post that would cover some of the more frequently asked questions we’ve been receiving on the plug-in. That’s what this post is, so the rest of the post will be in a Q&A sort of format.
Question: What are the benefits of EXAchk integration with the Enterprise Manager compliance framework i.e. what can we do with this that we could not in EM12c?
Answer: In EM 12c, we ask customers to set up EXAchk in the target themselves; we just bring the results to EM and show the results on the EXAchk target Home page. In 13c these are our main features:
This is the second of the two posts I wanted to copy from Dave Wolf’s web site. As I mentioned in the first of these two posts, Dave is a colleague of mine who used to own the DBLM area as far as the Enterprise Manager product management team is concerned. However, he has moved to another area in Oracle and I have inherited his responsibilities for change management, compliance management and configuration management, so I want to make sure this material remains available. This post was originally written in April, 2015, and relates to the STIG compliance standards for Oracle Database 11gR2. I’ll be updating this material with another blog in the next month or so with information on the latest STIG compliance standards, so stay tuned for that! But here’s Dave’s earlier post:
This is the first of two posts in the area of compliance management that have been previously published by a colleague of mine, Dave Wolf. Dave has moved to another part of Oracle now, and I’ve inherited some of his responsibilities as product manager, including change management, compliance management and configuration management, so I wanted to copy his material to my blog so it’s not lost. Thanks Dave, for putting this material together originally!