Director of Product Management – Oracle
New Enterprise Manager STIG Compliance Standards for Oracle Database 11gR2 Now Available
Last Friday, Oracle released new Enterprise Manager compliance standards based on DISA’s Security Technical Information Guide ( STIG ) for Oracle Database 11.2g Version 1 Release 2. These standards are specifically for use with Oracle Database 11g Release 2, both single instance and RAC.
This is actually the second compliance content update since February. The previous one included an update to the Oracle Database 11g STIG standard bringing support from Release 8 to 11.
Both updates were made available via Enterprise Manager’s Self-Update feature. To download them, go to Setup->Extensibility->Self Update. Select ‘Compliance Content’ which will take you to the ‘Compliance Content Updates’ page. Here you should see the compliance standards in either Available, Downloaded or Applied state. Simply select the row and click Download to retrieve the standard. When download has completed, click Apply to make it available in the compliance library.
After applying both compliance standards, you should see six STIG related standards in the Compliance Library.
If you are currently using one of the ‘Security Technical Implementation Guide (STIG Version 1.8)’ standards you should move to one of the updated versions. Which new version to use depends on the version of each database. For 11gR1 databases use the updated ‘STIG Version 8 Release 1.11’ standard. For 11gR2 databases, you should use the new ‘Oracle 11.2g Database STIG – Version 1, Release 2’ standards.
To migrate, simply associate the targets to new standard and unassociate them from the old version. You could even run both in parallel until you are comfortable with the new results.
If you were not previously using the STIG standards but planning to start, I suggest first reviewing my original blog on this topic which gives a quick overview of these standards and contains a link to a compliance overview screenwatch.
Documentation on these and other Oracle Database Compliance standards can be found in the Oracle Database Compliance Standards reference guide on OTN.