| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | CONFIGURATION MANAGEMENT |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| 4.10.9.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.5 (L1) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| DG0001-ORACLE11 - Vendor supported software is evaluated and patched against newly found vulnerabilities. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'Oracle instance DBA is only a member of ORA_{SID}_DBA and Users group' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DG0011-ORACLE11 - Configuration management procedures should be defined and implemented for database software modifications. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0012-ORACLE11 - Database software directories including DBMS configuration files are stored in dedicated directories separate from the host OS and other applications - 'ORACLE_BASE environment variable set' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0012-ORACLE11 - Database software directories including DBMS configuration files are stored in dedicated directories separate from the host OS and other applications - 'ORACLE_HOME environment variable set' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0013-ORACLE11 - Database backup procedures should be defined, documented and implemented. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0020-ORACLE11 - Backup and recovery procedures should be developed, documented, implemented and periodically tested. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0025-ORACLE11 - DBMS cryptography must be NIST FIPS 140-2 validated - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ora SQLNET.SSLFIPS_140 = TRUE' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0050-ORACLE11 - Database software, applications and configuration files should be monitored to discover unauthorized changes. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0054-ORACLE11 - The audit logs should be periodically monitored to discover DBMS access using unauthorized applications. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0064-ORACLE11 - DBMS backup and restoration files should be protected from unauthorized access. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0067-ORACLE11 - Database account passwords should be stored in encoded or encrypted format whether stored in database objects, external host files, environment variables or any other storage locations. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| DG0068-ORACLE11 - DBMS tools or applications that echo or require a password entry in clear text should be protected from password display. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0069-ORACLE11 - Procedures and restrictions for import of production data to development databases should be documented, implemented and followed. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0088-ORACLE11 - The DBMS should be periodically tested for vulnerability management and IA compliance. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0090-ORACLE11 - Sensitive information stored in the database should be protected by encryption. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0096-ORACLE11 - The DBMS IA policies and procedures should be reviewed annually or more frequently. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0097-ORACLE11 - Plans and procedures for testing DBMS installations, upgrades and patches should be defined and followed prior to production implementation. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - '%ORACLE_HOME%\rdbms\admin\externaljob.ora run_group = nobody' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0099-ORACLE11 - Access to external DBMS executables should be disabled or restricted - no PROGRAMS = EXTPROC' - tnsnames.ora | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0103-ORACLE11 - Network access to the DBMS must be restricted to authorized personnel - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA tcp.validnode_checking = YES' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0103-ORACLE11 - Network access to the DBMS must be restricted to authorized personnel - valid source and destination IPs are used in rules' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0107-ORACLE11 - Sensitive data is stored in the database and should be identified in the System Security Plan and AIS Functional Architecture documentation. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0109-ORACLE11 - The DBMS should not be operated without authorization on a host system supporting other application services - 'W3SVC, FTPSVC, DNS and DHCPServer servcies are not running' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0129-ORACLE11 - Passwords should be encrypted when transmitted across the network. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| DG0140-ORACLE11 - Access to DBMS security data should be audited. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0154-ORACLE11 - The DBMS requires a System Security Plan containing all required information. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0155-ORACLE11 - The DBMS should have configured all applicable settings to use trusted files, functions, features, or other components during startup, shutdown, aborts, or other unplanned interruptions. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0157-ORACLE11 - Remote DBMS administration should be documented and authorized or disabled. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0158-ORACLE11 - DBMS remote administration should be audited. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0175-ORACLE11 - The DBMS host platform and other dependent applications should be configured in compliance with applicable STIG requirements. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0176-ORACLE11 - The DBMS audit logs should be included in backup operations. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0191-ORACLE11 - Credentials used to access remote databases should be protected by encryption and restricted to authorized users - '%ORACLE_HOME%\database\PWDorcl.ora permissions are correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0194-ORACLE11 - Privileges assigned to developers on shared production and development DBMS hosts and the DBMS should be monitored every three months or more frequently for unauthorized changes. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DG0198-ORACLE11 - Remote administration of the DBMS should be restricted to known, dedicated and encrypted network addresses and ports. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle service account is denied logon on locally right' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0286-ORACLE11 - The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0 - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA SQLNET.INBOUND_CONNECT_TIMEOUT > 0' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| DO0430-ORACLE11 - The Oracle Management Agent should be uninstalled if not required and authorized or is installed on a database accessible from the Internet. | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DO6754-ORACLE11 - Oracle Configuration Manager should not remain installed on a production system - '%ORACLE_HOME%\ccr directory does not exist' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| Prevent installation of devices using drivers that match these device setup classes - 1 | MSCT Windows 11 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - 1 | MSCT Windows 11 v23H2 v1.0.0 | Windows | MEDIA PROTECTION |
| WN12-GE-000008 - Permissions for Windows installation directory must conform to minimum requirements. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
