Managing Weak or Noncompliant Security Controls

Locate and resolve security control issues in Risk Events.

Some of the risks that Oracle CASB Cloud Service detects are related to nonconforming security configuration values. Oracle CASB Cloud Service alerts you when it detects a nonconforming value for a setting such as the minimum password length or the length of time a user's session can be idle before an automatic timeout occurs.

To respond to a security control alert, you can either update the setting in the cloud application manually, or in some cases, you can have Oracle CASB Cloud Service perform the update on your behalf.

  1. From the Dashboard, click the “Non-compliant security controls” number in the Health Summary card to view non-compliant security alerts for all applications on the Risk Events page (the CATEGORY column lists only “Security control” entries).
  2. From the Applications page, to view all non-compliant security alerts for a single application on the Risk Events page:
    1. In grid view, click the count of non-compliant security control alerts for an application that appears in the SECURITY ALERTS column for the application.
    2. In card view, click an application tile to see the Health Summary card for that application, then click the “Security controls” number.
  3. On the Risk Events page, view the description of the non-compliant security control that triggered the alert in the SUMMARY column for the alert.

    The SUMMARY column displays the label for the security control as it appears in the related application or service.

  4. Click any row in the risk events list to view details about the security control risk, including its current value and Oracle CASB Cloud Service's recommended value.

    For example, if a cloud application only requires 5 characters in a password, then the recommended value might be 10 characters. The recommended value is the Oracle CASB Cloud Service baseline:

    • If you register a cloud application instance in monitor-only mode, then Oracle CASB Cloud Service uses its own stringent settings as the baseline.

    • If you register an application in push controls mode, then Oracle CASB Cloud Service sets your preferred values in the cloud application, and then generates an alert if anyone modifies that value in the cloud application.

  5. If you feel the risk doesn't merit attention at this time, click the Actions drop-down menu and click Dismiss.

    To prevent Oracle CASB Cloud Service from generating additional alerts about this risk, you can update the security control baseline for this application instance. See Updating the Security Control Baseline for an Application Instance.