Last Friday, Oracle released new Enterprise Manager compliance standards based on DISA’s Security Technical Information Guide ( STIG ) for Oracle Database 11.2g Version 1 Release 2. These standards are specifically for use with Oracle Database 11g Release 2, both single instance and RAC.
This is actually the second compliance content update since February. The previous one included an update to the Oracle Database 11g STIG standard bringing support from Release 8 to 11.
Both updates were made available via Enterprise Manager’s Self-Update feature. To download them, go to Setup->Extensibility->Self Update. Select ‘Compliance Content’ which will take you to the ‘Compliance Content Updates’ page. Here you should see the compliance standards in either Available, Downloaded or Applied state. Simply select the row and click Download to retrieve the standard. When download has completed, click Apply to make it available in the compliance library.
After applying both compliance standards, you should see six STIG related standards in the Compliance Library.
If you are currently using one of the ‘Security Technical Implementation Guide (STIG Version 1.8)’ standards you should move to one of the updated versions. Which new version to use depends on the version of each database. For 11gR1 databases use the updated ‘STIG Version 8 Release 1.11’ standard. For 11gR2 databases, you should use the new ‘Oracle 11.2g Database STIG – Version 1, Release 2’ standards.
To migrate, simply associate the targets to new standard and unassociate them from the old version. You could even run both in parallel until you are comfortable with the new results.
If you were not previously using the STIG standards but planning to start, I suggest first reviewing my original blog on this topic which gives a quick overview of these standards and contains a link to a compliance overview screenwatch.
Documentation on these and other Oracle Database Compliance standards can be found in the Oracle Database Compliance Standards reference guide on OTN.
I appreciate the walk-through; If you are in a standalone environment; how do I import the compliance content updates?
LikeLike
Hi Jeff. If by standalone, you mean EM cannot connect to Oracle over the internet, you should be able to use the offline update methods described in the documentation here:
http://docs.oracle.com/cd/E24628_01/doc.121/e24473/self_update.htm#EMADM13232
Let me know how you make out.
Dave
LikeLike
Dave, I haven’t been able to update the VM to include the offline method to include the newest Oracle 12 Compliance Pack. I have logged a SR 10712438531 with Oracle for there support. I tried both the offline and online methods and self update; any ideas? Thanks, Jeff
LikeLike
Jeff,
A couple things to check. You must have DB plugin 12.1.0.7 and latest bundle patch applied to OMS. Otherwise, self update will not present the available compliance content.
Try updating and let me know.
Dave
LikeLike
Dave, I was able to get everything completed. Thank you for your assistance. V/R, Jeff
LikeLike