B Rule Sets

Here is a list with descriptions of every Rule Set you can find in Oracle Configuration and Compliance.

Linux

| Rule Set | Description |
| --- | --- |
| Guide to the Secure Configuration of Oracle Linux 7-Criminal Justice Information Services (CJIS) Security Policy | This profile is derived from FBI's CJIS v5.4 Security Policy. A copy of this policy can be found at the CJIS Security Policy Resource Center: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center. |
| Guide to the Secure Configuration of Oracle Linux 7-United States Government Configuration Baseline (USGCB / STIG) | This profile is developed in partnership with the U.S. National Institute of Standards and Technology (NIST), U.S. Department of Defense, the National Security Agency, and Red Hat. The USGCB is intended to be the core set of security-related configuration settings with which all federal agencies should comply. This baseline implements configuration requirements from the following documents: Committee on National Security Systems Instruction No. 1253 (CNSSI 1253); NIST Controlled Unclassified Information (NIST 800-171); NIST 800-53 control selections for MODERATE impact systems (NIST 800-53); U.S. Government Configuration Baseline (USGCB); NIAP Protection Profile for General Purpose Operating Systems v4.0 (OSPP v4.0); DISA Operating System Security Requirements Guide (OS SRG). For any differing configuration requirements, e.g. password lengths, the stricter security setting was chosen. Security Requirement Traceability Guides (RTMs) and sample System Security Configuration Guides are provided via the scap-security-guide-docs package. This profile reflects U.S. Government consensus content and is developed through the OpenSCAP/SCAP Security Guide initiative, championed by the National Security Agency. Except for differences in formatting to accommodate publishing processes, this profile mirrors OpenSCAP/SCAP Security Guide content as minor divergences, such as bugfixes, work through the consensus process. |
| Guide to the Secure Configuration of Red Hat Enterprise Linux 6-Red Hat Corporate Profile for Certified Cloud Providers (RH CCP) | This is a SCAP profile for Red Hat Certified Cloud Providers. |
| Guide to the Secure Configuration of Oracle Linux 7-DISA STIG for Oracle Linux 7 | This is a profile for STIG for Oracle Linux 7. |

| Rule Set (0.9) | Description |
| --- | --- |
| Guide to the Secure Configuration of Red Hat Enterprise Linux 6-C2S for Red Hat Enterprise Linux 6 [v0.9] | This profile demonstrates compliance against the U.S. Government Commercial Cloud Services (C2S) baseline. This baseline was inspired by the Center for Internet Security (CIS) Red Hat Enterprise Linux 6 Benchmark, v1.2.0 - 06-25-2013. For the SCAP Security Guide project to remain in compliance with CIS' terms and conditions, specifically Restrictions(8), note there is no representation or claim that the C2S profile will ensure a system is in compliance or consistency with the CIS baseline. |
| Guide to the Secure Configuration of Red Hat Enterprise Linux 6-CSCF RHEL6 MLS Core Baseline [v0.9] | This profile reflects the Centralized Super Computing Facility (CSCF) baseline for Red Hat Enterprise Linux 6. This baseline has received government ATO through the ICD 503 process, utilizing the CNSSI 1253 cross domain overlay. This profile should be considered in active development. Additional tailoring will be needed, such as the creation of RBAC roles for production deployment. |
| Guide to the Secure Configuration of Red Hat Enterprise Linux 6-Common Profile for General-Purpose Systems Server Baseline [v0.9] | This profile contains items common to general-purpose desktop and server installations. This profile is for RHEL 6 acting as a server. |
| Guide to the Secure Configuration of Red Hat Enterprise Linux 6-United States Government Configuration Baseline (USGCB) [v0.9] | This profile is a working draft for a USGCB submission against RHEL6 Server. |
| Guide to the Secure Configuration of Red Hat Enterprise Linux 6-Common Profile for General-Purpose Systems [v0.9] | This profile contains items common to general-purpose desktop and server installations. |
| Guide to the Secure Configuration of Red Hat Enterprise Linux 6-Example Server Profile [v0.9] | This profile is an example of a customized server profile. |
| Guide to the Secure Configuration of Red Hat Enterprise Linux 6-Common Profile for General-Purpose Systems Upstream STIG for RHEL 6 Server [v0.9] | This profile contains items common to general-purpose desktop and server installations. This profile is developed under the DoD consensus model and DISA FSO Vendor STIG process, serving as the upstream development environment for the Red Hat Enterprise Linux 6 Server STIG. As a result of the upstream/downstream relationship between the SCAP Security Guide project and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content. For official DISA FSO STIG content, refer to http://iase.disa.mil/stigs/os/unix/red_hat.html. While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note that commercial support of this SCAP content is NOT available. This profile is provided as example SCAP content with no endorsement for suitability or production readiness. Support for this profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The upstream project homepage is https://fedorahosted.org/scap-security-guide/. |

| Rule Set (1.28) | Description |
| --- | --- |
| Guide to the Secure Configuration of Oracle Linux 6-CNSSI 1253 Low/Low/Low Control Baseline for Oracle Linux 6 [v0.1.28] | This profile follows the Committee on National Security Systems Instruction (CNSSI) No. 1253, "Security Categorization and Control Selection for National Security Systems" on security controls to meet low confidentiality, low integrity, and low assurance. |
| Guide to the Secure Configuration of Oracle Linux 6-PCI-DSS v3 Control Baseline for Oracle Linux 6 [v0.1.28] | This is a *draft* profile for PCI-DSS v3. |
| Guide to the Secure Configuration of Oracle Linux 6-C2S for Oracle Linux 6 [v0.1.28] | This profile demonstrates compliance against the U.S. Government Commercial Cloud Services (C2S) baseline. This baseline was inspired by the Center for Internet Security (CIS) Oracle Linux 6 Benchmark, v1.2.0 - 06-25-2013. For the SCAP Security Guide project to remain in compliance with CIS' terms and conditions, specifically Restrictions(8), note there is no representation or claim that the C2S profile will ensure a system is in compliance or consistency with the CIS baseline. |
| Guide to the Secure Configuration of Oracle Linux 6-CSCF OL6 MLS Core Baseline [v0.1.28] | This profile reflects the Centralized Super Computing Facility (CSCF) baseline for Oracle Linux 6. This baseline has received government ATO through the ICD 503 process, utilizing the CNSSI 1253 cross domain overlay. This profile should be considered in active development. Additional tailoring will be needed, such as the creation of RBAC roles for production deployment. |
| Guide to the Secure Configuration of Oracle Linux 6-Oracle Profile for Cloud Providers [v0.1.28] | This is a SCAP profile for Cloud Providers. |
| Guide to the Secure Configuration of Oracle Linux 6-United States Government Configuration Baseline (USGCB) [v0.1.28] | This profile is a working draft for a USGCB submission against RHEL6 Server. |
| Guide to the Secure Configuration of Oracle Linux 6-Upstream STIG for Oracle Linux 6 Server [v0.1.28] | This is a *draft* profile for STIG. As a result of the upstream/downstream relationship between the SCAP Security Guide project and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content. For official DISA FSO STIG content, refer to http://iase.disa.mil/stigs/os/unix-linux/Pages/oracle-linux.aspx. While this profile is packaged by Oracle as part of the SCAP Security Guide package, please note that commercial support of this SCAP content is NOT available. This profile is provided as example SCAP content with no endorsement for suitability or production readiness. Support for this profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The upstream project homepage is https://fedorahosted.org/scap-security-guide/. |
| Guide to the Secure Configuration of Oracle Linux 6-Server Baseline [v0.1.28] | This profile is for Oracle Linux 6 acting as a server. |
| Guide to the Secure Configuration of Oracle Linux 6-Common Profile for General-Purpose Systems [v0.1.28] | This profile contains items common to general-purpose desktop and server installations. |
| Guide to the Secure Configuration of Oracle Linux 6-Example Server Profile [v0.1.28] | This profile is an example of a customized server profile. |
| Guide to the Secure Configuration of Oracle Linux 6-Standard System Security Profile [v0.1.28] | This profile contains rules to ensure a standard security base for an Oracle Linux 6 system. Regardless of your system's workload, all of these checks should pass. |

| Rule Set (1.36) | Description |
| --- | --- |
| Guide to the Secure Configuration of Oracle Linux 7-Oracle Profile for Cloud Providers [v0.1.36] | This is a SCAP profile for Cloud Providers. |
| Guide to the Secure Configuration of Oracle Linux 7-PCI-DSS v3 Control Baseline for Oracle Linux 7 [v0.1.36] | This is a profile for PCI-DSS v3. |
| Guide to the Secure Configuration of Oracle Linux 7-Standard System Security Profile [v0.1.36] | This profile contains rules to ensure a standard security baseline for an Oracle Linux 7 system. Regardless of your system's workload, all of these checks should pass. |
| Guide to the Secure Configuration of Oracle Linux 7-Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171) [v0.1.36] | From NIST 800-171, Section 2.2: Security requirements for protecting the confidentiality of CUI in nonfederal information systems and organizations have a well-defined structure that consists of: (i) a basic security requirements section; (ii) a derived security requirements section. The basic security requirements are obtained from FIPS Publication 200, which provides the high-level and fundamental security requirements for federal information and information systems. The derived security requirements, which supplement the basic security requirements, are taken from the security controls in NIST Special Publication 800-53. This profile configures Oracle Linux 7 to the NIST Special Publication 800-53 controls identified for securing Controlled Unclassified Information (CUI). |
| Guide to the Secure Configuration of Oracle Linux 7-Common Profile for General-Purpose Systems [v0.1.36] | This profile contains items common to general-purpose desktop and server installations. |
| Guide to the Secure Configuration of Oracle Linux 7-Standard Docker Host Security Profile [v0.1.36] | This profile contains rules to ensure a standard security baseline for an Oracle Linux 7 system running the docker daemon. This discussion is currently being held on open-scap-list@redhat.com and scap-security-guide@lists.fedorahosted.org. |

| Rule Set (1.40) | Description |
| --- | --- |
| Guide to the Secure Configuration of Oracle Linux 7-Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171) | This profile configures Oracle Linux 7 to the NIST Special Publication 800-53 controls identified for securing Controlled Unclassified Information (CUI). |
| Guide to the Secure Configuration of Oracle Linux 7-OSPP DRAFT - Protection Profile for General Purpose Operating Systems v. 4.2 | This profile reflects mandatory configuration controls identified in the NIAP Configuration Annex to the Protection Profile for General Purpose Operating Systems (Protection Profile Version 4.2). |
| Guide to the Secure Configuration of Oracle Linux 7-Criminal Justice Information Services (CJIS) Security Policy | This profile is derived from FBI's CJIS v5.4 Security Policy. |
| Guide to the Secure Configuration of Oracle Linux 7-Standard System Security Profile for Oracle Linux 7 | This profile contains rules to ensure a standard security baseline for an Oracle Linux 7 system. |
| Guide to the Secure Configuration of Oracle Linux 7-DISA STIG for Oracle Linux 7 | This is a draft profile for STIG for Oracle Linux 7. |
| Guide to the Secure Configuration of Oracle Linux 7-PCI-DSS v3 Control Baseline for Oracle Linux 7 | This is a draft profile for PCI-DSS v3. |
| Guide to the Secure Configuration of Oracle Linux 7-Oracle Profile for Cloud Providers | This is a draft Oracle SCAP profile for Cloud Providers. |
| Guide to the Secure Configuration of Oracle Linux 7-United States Government Configuration Baseline - DRAFT | This compliance profile reflects the core set of security-related configuration settings for deployment of Oracle Linux 7.x into U.S. Defense, Intelligence, and Civilian agencies. Development partners and sponsors include the U.S. National Institute of Standards and Technology (NIST), U.S. Department of Defense, the National Security Agency, and Red Hat. |
| Guide to the Secure Configuration of Oracle Linux 7-Health Insurance Portability and Accountability Act (HIPAA) | The HIPAA Security Rule establishes U.S. national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity. |

Cloud

| Rule Set | Description |
| --- | --- |
| Best Practices for Oracle Java Cloud Services [v1] | Compliance Rules to check the configuration of Java Cloud Service Instances |
| Best Practices for Oracle Cloud Infrastructure - Compute Classic Instances [v1] | Compliance Rules to check the configuration of Compute Instances |
| OMC Compliance Rules for AWS Customer Gateways [v1] | Compliance Rules to check the configuration of Customer Gateways |
| OMC Compliance Rules for AWS Elastic IP Addresses [v1] | Compliance Rules to check the configuration of Elastic IP Addresses |
| OMC Compliance Rules for AWS VPCs [v1] | Compliance Rules to check the configuration of VPCs |
| OMC Compliance Rules for AWS Cloud Trail [v1] | Compliance Rules to check Cloud Trail Configuration |
| OMC Compliance Rules for AWS Internet Gateways [v1] | Compliance Rules to check the configuration of Internet Gateways |
| OMC Compliance Rules for AWS Elastic Block Store [v1] | Compliance Rules to check the configuration of Elastic Block Stores |
| OMC Compliance Rules for AWS VPN Gateways [v1] | Compliance Rules to check the configuration of VPN Gateways |
| OMC Compliance Rules for AWS EC2 Instances [v1] | Compliance Rules to check the configuration of EC2 Instances |
| OMC Compliance Rules for AWS VPN Connections [v1] | Compliance Rules to check the configuration of VPN Connections |
| OMC Compliance Rules for AWS Security Groups [v1] | Compliance Rules to check the configuration of Security Groups |
| OMC Compliance Rules for AWS Route Tables [v1] | Compliance Rules to check the configuration of Route Tables |
| OMC Compliance Rules for AWS Subnets [v1] | Compliance Rules to check the configuration of Subnets |

Oracle Database

| Rule Set | Description |
| --- | --- |
| Oracle Database 12c Single Instance Database STIG Configuration | This profile contains a STIG for a single instance Oracle Database 12c. |
| Basic Security Configuration For Oracle Database [v1] | Ensures adherence with basic best-practice security configuration settings that help protect against database-related threats and attacks, providing a more secure operating environment for Oracle Database. Associate this compliance standard with a database and enable the collections by applying the Oracle certified monitoring template Oracle Certified-Enable Database Security Configuration Metrics to evaluate the database compliance. |
| Basic Security Configuration For Oracle Database 19c | Ensures adherence with basic best-practice security configuration settings that help protect against database-related threats and attacks, providing a more secure operating environment for Oracle Database. Associate this compliance standard with a database and enable the collections by applying the Oracle certified monitoring template Oracle Certified-Enable Database Security Configuration Metrics to evaluate the database compliance. |
| Best Practices for Oracle Database Cloud Services [v1] | Compliance Rules to check the configuration of Database Service Instances |
| CIS Benchmark for Oracle Database 11g v2.2.0, Level 1 RDBMS | This profile contains the Center for Internet Security Benchmark for Oracle Database 11g. |
| CIS Benchmark for Oracle Database 12c v2.0.0, Level 1 RDBMS using Unified Auditing | This profile contains the Center for Internet Security Benchmark for Oracle Database 12c using Unified Auditing. |
| Oracle Database Security Assessment Tool [v2.1] | This profile contains a security benchmark for Oracle Database Security Assessment Tool (DBSAT). |

Oracle E-Business Suite

| Rule Set | Description |
| --- | --- |
| Oracle E-Business Suite with Oracle Database 12.1 Best Practices [v1] | E-Business Suite security and best practices checks based on MOS Note 403537.1 |

MySQL Enterprise

| Rule Set | Description |
| --- | --- |
| Basic Security Configuration for MySQL Enterprise Edition 5.7 | Assess the MySQL database against the secure configuration settings recommended by the Center for Internet Security. |