| 2.3.1 Ensure 'BACKGROUND_CORE_DUMP' Is Not Set To 'Full' | MEDIA PROTECTION |
| 2.3.2 Ensure 'SHADOW_CORE_DUMP' Is Not Set To 'Full' | MEDIA PROTECTION |
| 2.3.3 Ensure 'ALLOW_GROUP_ACCESS_TO_SGA' Is Set To `FALSE` | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.4 Review Undocumented (Underscore) Parameters Not Set To 'DEFAULT' Values | CONFIGURATION MANAGEMENT |
| 2.3.5 Ensure 'OS_ROLES' Is Set To 'FALSE' | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.6 Ensure 'REMOTE_OS_ROLES' Is Set To 'FALSE' | ACCESS CONTROL |
| 2.3.7 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is Set To '3' Or Less | ACCESS CONTROL |
| 2.3.8 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set To '(DROP,3)' | CONFIGURATION MANAGEMENT |
| 2.3.9 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set To 'LOG' | AUDIT AND ACCOUNTABILITY |
| 2.3.10 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set To 'FALSE' | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.11 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set To 'NONE' | ACCESS CONTROL |
| 2.3.12 Ensure 'REMOTE_LISTENER' Is Empty | CONFIGURATION MANAGEMENT |
| 2.3.13 Ensure 'RESOURCE_LIMIT' Is Set To 'TRUE' | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.14 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | ACCESS CONTROL |
| 2.3.15 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' | IDENTIFICATION AND AUTHENTICATION |
| 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less Than Or Equal To '5' | ACCESS CONTROL |
| 3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater Than Or Equal To '1' | ACCESS CONTROL |
| 3.3 Ensure 'PASSWORD_LIFE_TIME + PASSWORD_GRACE_TIME' Is Less Than Or Equal To '365' | ACCESS CONTROL |
| 3.4 Ensure 'PASSWORD_REUSE_MAX' Is Set To 'UNLIMITED' | IDENTIFICATION AND AUTHENTICATION |
| 3.5 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set For All Profiles | IDENTIFICATION AND AUTHENTICATION |
| 3.6 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Configured Correctly | IDENTIFICATION AND AUTHENTICATION |
| 3.7 Ensure 'PASSWORD_ROLLOVER_TIME' Is Set To '0' | IDENTIFICATION AND AUTHENTICATION |
| 3.8 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less Than Or Equal To '120' | ACCESS CONTROL |
| 4.1 Ensure All Default Passwords Are Changed | IDENTIFICATION AND AUTHENTICATION |
| 4.2 Ensure No Custom 'ORACLE_MAINTAINED' Users Exist | ACCESS CONTROL |
| 4.3 Review The Users Created Through Real Application Security | ACCESS CONTROL |
| 4.4 Ensure Old Password Versions Are Not Used | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure The Latest Version of The Password File Is Used | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Ensure That Users In Different RAC Instances Are Identical In PW Files | IDENTIFICATION AND AUTHENTICATION |
| 4.7 Ensure No Public Database Links Exist | ACCESS CONTROL, MEDIA PROTECTION |
| 4.8 Ensure That Database Link Passwords Are Using The Latest Encryption | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.1 Ensure All Auditable System Actions Commands Are Audited | AUDIT AND ACCOUNTABILITY |
| 5.1.2 Ensure the 'LOGON' AND 'LOGOFF' Actions Audit Is Enabled | AUDIT AND ACCOUNTABILITY |
| 5.1.3 Ensure Critical Packages Are Audited | AUDIT AND ACCOUNTABILITY |
| 5.1.4 Ensure All Export Activities Are Audited | AUDIT AND ACCOUNTABILITY |
| 5.1.5 Ensure The Use Of SYS* Privileges Is Audited | AUDIT AND ACCOUNTABILITY |
| 6.1.1 Ensure '%ANY%' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.2 Ensure Admin Privileges Are Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL |
| 6.1.3 Ensure 'IMPORT' And 'EXPORT' 'FULL DATABASE' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Ensure 'CREATE EXTERNAL JOB' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL |
| 6.1.5 Ensure 'BECOME USER' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.6 Ensure 'TEXT DATASTORE ACCESS' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.7 Ensure 'CREATE', 'ALTER', And 'DROP' 'PUBLIC DATABASE LINK' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure 'LOGMINING' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.9 Ensure 'ALTER SYSTEM' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.10 Ensure 'CREATE LIBRARY' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.11 Ensure All `SYSTEM` Privileges Are Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL |
| 6.2.1 Ensure 'DBA' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.2 Ensure 'EXP_FULL_DATABASE' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.3 Ensure 'IMP_FULL_DATABASE' Is Revoked From Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
