David Wolf

Director of Product Management – Oracle

New Enterprise Manager STIG Compliance Standards for Oracle Database 11gR2 Now Available

Last Friday, Oracle released new Enterprise Manager compliance standards based on DISA’s Security Technical Information Guide ( STIG ) for Oracle Database 11.2g Version 1 Release 2. These standards are specifically for use with Oracle Database 11g Release 2, both single instance and RAC.

This is actually the second compliance content update since February. The previous one included an update to the Oracle Database 11g STIG standard bringing support from Release 8 to 11.

Both updates were made available via Enterprise Manager’s Self-Update feature. To download them, go to Setup->Extensibility->Self Update. Select ‘Compliance Content’ which will take you to the ‘Compliance Content Updates’ page. Here you should see the compliance standards in either Available, Downloaded or Applied state. Simply select the row and click Download to retrieve the standard. When download has completed, click Apply to make it available in the compliance library.

STIGR21

After applying both compliance standards, you should see six STIG related standards in the Compliance Library.

STIGR23

If you are currently using one of the ‘Security Technical Implementation Guide (STIG Version 1.8)’ standards you should move to one of the updated versions. Which new version to use depends on the version of each database. For 11gR1 databases use the updated ‘STIG Version 8 Release 1.11’ standard. For 11gR2 databases, you should use the new ‘Oracle 11.2g Database STIG – Version 1, Release 2’ standards.

To migrate, simply associate the targets to new standard and unassociate them from the old version. You could even run both in parallel until you are comfortable with the new results.

If you were not previously using the STIG standards but planning to start, I suggest first reviewing my original blog on this topic which gives a quick overview of these standards and contains a link to a compliance overview screenwatch.

Documentation on these and other Oracle Database Compliance standards can be found in the Oracle Database Compliance Standards reference guide on OTN.

Advertisements

5 responses to “New Enterprise Manager STIG Compliance Standards for Oracle Database 11gR2 Now Available

  1. Jeff Haskins April 28, 2015 at 12:59 am

    I appreciate the walk-through; If you are in a standalone environment; how do I import the compliance content updates?

    Like

  2. Jeff Haskins May 13, 2015 at 6:09 pm

    Dave, I was able to get everything completed. Thank you for your assistance. V/R, Jeff

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: