| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | SYSTEM AND SERVICES ACQUISITION |
| 1.1.8 Ensure nodev option set on /var partition | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.4.1 Ensure core dumps are restricted | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5.1.4 Ensure permissions on /etc/motd are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.2 Ensure 'AUDIT_TRAIL' Is Set to 'DB', 'XML', 'OS', 'DB,EXTENDED', or 'XML,EXTENDED' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 2.2.4 Ensure 'OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.6 Ensure 'REMOTE_LOGIN_PASSWORDFILE' Is Set to 'NONE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 2.2.7 Ensure 'REMOTE_OS_AUTHENT' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 2.2.8 Ensure 'REMOTE_OS_ROLES' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 2.2.12 Ensure 'SEC_PROTOCOL_ERROR_TRACE_ACTION' Is Set to 'LOG' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 2.2.15 Ensure '_trace_files_public' Is Set to 'FALSE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.16 Ensure 'RESOURCE_LIMIT' Is Set to 'TRUE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1 Ensure 'FAILED_LOGIN_ATTEMPTS' Is Less than or Equal to '5' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 3.2 Ensure 'PASSWORD_LOCK_TIME' Is Greater than or Equal to '1' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 3.2.4 Ensure suspicious packets are logged | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3.2.3 Ensure outbound and established connections are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 3.8 Ensure 'SESSIONS_PER_USER' Is Less than or Equal to '10' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 4.4 Ensure No Users Are Assigned the 'DEFAULT' Profile | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL |
| 4.5 Ensure 'SYS.USER$MIG' Has Been Dropped | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure 'SYS.USER$MIG' Has Been Dropped | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.1.2 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "File System" Packages | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.3 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Encryption" Packages | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Java" Packages | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3.1 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'AUD$' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' Tables | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.4 Ensure SSH Protocol is set to 2 | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.13 Ensure only strong Ciphers are used | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.1 Ensure '%ANY%' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.2 Ensure 'DBA_SYS_PRIVS.%' Is Revoked from Unauthorized 'GRANTEE' with 'ADMIN_OPTION' Set to 'YES' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.3 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'OUTLN' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4 Ensure 'EXECUTE ANY PROCEDURE' Is Revoked from 'DBSNMP' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.5 Ensure 'SELECT ANY DICTIONARY' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.8 Ensure 'EXEMPT ACCESS POLICY' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.9 Ensure 'BECOME USER' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.10 Ensure 'CREATE PROCEDURE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.12 Ensure 'CREATE ANY LIBRARY' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.13 Ensure 'CREATE LIBRARY' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.15 Ensure 'GRANT ANY ROLE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.1.5 Ensure all users last password change date is in the past | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.1 Ensure permissions on /etc/passwd are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.2 Ensure permissions on /etc/shadow are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.15 Ensure the 'PROCEDURE' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.18 Ensure the 'CREATE SESSION' Audit Option Is Enabled | CIS Oracle Server 19c DB Traditional Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.2.13 Ensure the 'ALTER DATABASE LINK' Action Audit Is Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.2.16 Ensure no duplicate UIDs exist | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.17 Ensure no duplicate GIDs exist | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.25 Ensure the 'ALTER TRIGGER' Action Audit IS Enabled | CIS Oracle Server 19c DB Unified Auditing v1.2.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
