| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | SYSTEM AND SERVICES ACQUISITION |
| 2.2.1 Ensure 'AUDIT_SYS_OPERATIONS' Is Set to 'TRUE' | AUDIT AND ACCOUNTABILITY |
| 2.2.2 Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or 'XML,EXTENDED' | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure 'GLOBAL_NAMES' Is Set to 'TRUE' | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.4 Ensure 'OS_ROLES' Is Set to 'FALSE' | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.5 Ensure 'REMOTE_LISTENER' Is Empty | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' | ACCESS CONTROL |
| 2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | ACCESS CONTROL |
| 2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | ACCESS CONTROL |
| 2.2.9 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' | IDENTIFICATION AND AUTHENTICATION |
| 2.2.10 Ensure 'SEC_MAX_FAILED_LOGIN_ATTEMPTS' Is '3' or Less | ACCESS CONTROL |
| 2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)' | ACCESS CONTROL |
| 2.2.12 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG' | AUDIT AND ACCOUNTABILITY |
| 2.2.13 Ensure 'SEC_RETURN_SERVER_RELEASE_BANNER' Is Set to 'FALSE' | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.14 Ensure 'SQL92_SECURITY' Is Set to 'TRUE' | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.15 Ensure '_trace_files_public' Is Set to 'FALSE' | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.16 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE' | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.17 Ensure 'PDB_OS_CREDENTIAL' is NOT null | ACCESS CONTROL |
| 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | ACCESS CONTROL |
| 3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | ACCESS CONTROL |
| 3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | ACCESS CONTROL |
| 3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20' | IDENTIFICATION AND AUTHENTICATION |
| 3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365' | IDENTIFICATION AND AUTHENTICATION |
| 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' | ACCESS CONTROL |
| 3.7 Ensure 'PASSWORD_VERIFY_FUNCTION' Is Set for All Profiles | IDENTIFICATION AND AUTHENTICATION |
| 3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | ACCESS CONTROL |
| 3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120' | ACCESS CONTROL |
| 4.1 Ensure All Default Passwords Are Changed | IDENTIFICATION AND AUTHENTICATION |
| 4.2 Ensure All Sample Data And Users Have Been Removed | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'DBA_USERS.AUTHENTICATION_TYPE' Is Not Set to 'EXTERNAL' for Any User | ACCESS CONTROL |
| 4.4 Ensure No Users Are Assigned the 'DEFAULT' Profile | ACCESS CONTROL |
| 4.5 Ensure 'SYS.USER$MIG' Has Been Dropped | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Ensure No Public Database Links Exist | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Network' Packages | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.2 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'File System' Packages | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.3 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Encryption' Packages | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Java' Packages | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.5 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Job Scheduler' Packages | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'SQL Injection Helper' Packages | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_CREDENTIAL' Package | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on 'Non-default' Packages | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3.1 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$' | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3.2 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%' | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' Tables | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES' | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.3 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN' | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP' | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.5 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.6 Ensure 'SELECT ANY TABLE' Is Revoked from Unauthorized 'GRANTEE' | ACCESS CONTROL, MEDIA PROTECTION |
