CIS Oracle Database 23ai v1.0.0 L1 RDBMS

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Oracle Database 23ai v1.0.0 L1 RDBMS

Updated: 10/27/2025

Authority: CIS

Plugin: OracleDB

Revision: 1.1

Estimated Item Count: 78

File Details

Filename: CIS_Oracle_Database_23ai_v1.0.0_L1_RDBMS.audit

Size: 162 kB

MD5: e1f33d98f28127bf22d95a090d39f649
SHA256: 1cde5dc07e91e7456346c330bfda3e2df5223b290fada4c34ec77bcf5c359829

Audit Items

Description | Categories
1.1 Ensure The Appropriate Version/Patches For Oracle Software Is Installed
2.3.1 Ensure 'BACKGROUND_CORE_DUMP' Is Not Set To 'Full'
2.3.2 Ensure 'SHADOW_CORE_DUMP' Is Not Set To 'Full'
2.3.3 Ensure 'MLE_PROG_LANGUAGES' Is Set To 'OFF'
2.3.4 Ensure 'ALLOW_GROUP_ACCESS_TO_SGA' Is Set To `FALSE`
2.3.5 Review Undocumented (Underscore) Parameters Not Set To 'DEFAULT' Values
2.3.6 Ensure 'OS_ROLES' Is Set To 'FALSE'
2.3.7 Ensure 'REMOTE_OS_ROLES' Is Set To 'FALSE'
2.3.8 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is Set To '3' Or Less
2.3.9 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set To '(DROP,3)'
2.3.10 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set To 'LOG'
2.3.11 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set To 'FALSE'
2.3.12 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set To 'NONE'
2.3.13 Ensure 'REMOTE_LISTENER' Is Empty
2.3.14 Ensure 'RESOURCE_LIMIT' Is Set To 'TRUE'
3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less Than Or Equal To '5'
3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater Than Or Equal To '1'
3.3 Ensure 'PASSWORD_LIFE_TIME + PASSWORD_GRACE_TIME' Is Less Than Or Equal To '365'
3.4 Ensure 'PASSWORD_REUSE_MAX' Is Set To 'UNLIMITED'
3.5 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set For All Profiles
3.6 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Configured Correctly
3.7 Ensure 'PASSWORD_ROLLOVER_TIME' Is set to '0'
3.8 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'
4.1 Ensure All Default Passwords Are Changed
4.2 Ensure No Custom 'ORACLE_MAINTAINED' Users Exist
4.3 Review The Users Created Through Real Application Security
4.4 Ensure Old Password Versions Are Not Used
4.5 Ensure The Latest Version of The Password File Is Used
4.6 Ensure That Users In Different RAC Instances Are Identical In PW Files
4.7 Ensure No Public Database Links Exist
4.8 Ensure That Database Link Passwords Are Using The Latest Encryption
5.1 Ensure All Auditable System Actions Commands Are Audited
5.2 Ensure the 'LOGON' AND 'LOGOFF' Actions Audit Is Enabled
5.3 Ensure Critical Packages Are Audited
5.4 Ensure All Export Activities Are Audited
5.5 Ensure The Use Of SYS* Privileges Is Audited
6.1.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE'
6.1.2 Ensure Admin Privileges Are Revoked from Unauthorized 'GRANTEE'
6.1.3 Ensure 'IMPORT' And 'EXPORT' 'FULL DATABASE' Is Revoked From Unauthorized 'GRANTEE'
6.1.4 Ensure 'CREATE EXTERNAL JOB' Is Revoked From Unauthorized 'GRANTEE'
6.1.5 Ensure 'BECOME USER' Is Revoked From Unauthorized 'GRANTEE'
6.1.6 Ensure 'TEXT DATASTORE ACCESS' Is Revoked From Unauthorized 'GRANTEE'
6.1.7 Ensure 'CREATE', 'ALTER', And 'DROP' 'PUBLIC DATABASE LINK' Is Revoked From Unauthorized 'GRANTEE'
6.1.8 Ensure 'LOGMINING' Is Revoked From Unauthorized 'GRANTEE'
6.1.9 Ensure 'ALTER SYSTEM' Is Revoked From Unauthorized 'GRANTEE'
6.1.10 Ensure 'CREATE LIBRARY' Is Revoked From Unauthorized 'GRANTEE'
6.1.11 Ensure All `SYSTEM` Privileges Are Revoked from Unauthorized 'GRANTEE'
6.2.1 Ensure 'DBA' Is Revoked from Unauthorized 'GRANTEE'
6.2.2 Ensure 'EXP_FULL_DATABASE' Is Revoked From Unauthorized 'GRANTEE'
6.2.3 Ensure 'IMP_FULL_DATABASE' Is Revoked From Unauthorized 'GRANTEE'