Understanding EPM Cloud Security Compliance Features
Oracle employs a multi-faceted approach to ensure Oracle Enterprise Performance Management Cloud security and to protect the confidentiality, integrity, and availability of data.
In addition to physical security of data centers, Oracle has implemented the following security compliance features. These features help you satisfy the security compliance requirements of your organization.
- Transport Layer Security (TLS) 1.2 for Communication
- Periodic TLS Certificate Renewal
- Data Encryption Using Transparent Data Encryption
- Data Encryption Using OCI Block Volume Encryption
- Encryption Keys Stored in FIPS 140-2 Compliant HSM for OCI (Gen 2) Environments
- Password Encryption for Secure EPM Automate Access
- Secure Storage of User Credentials
- Data Masking in Snapshots
- Data Isolation
- Externalized Authentication (Single Sign-On)
- Synchronize Users and Groups Using SCIM
- Use of APIs and Commands to Manage Access to EPM Cloud
- Use of OAuth 2 Tokens for REST APIs, EPM Automate, and EPM Integration Agent (for Oracle Cloud Infrastructure only)
- Multiple Password Policies
- API Gateway Support for REST APIs and EPM Automate
- Role-Based Access Control For End Users
- Virus Scan on Uploaded Files in OCI (Gen 2) Environments
- Network Restricted Access
- Setup IP AllowList for Connections from EPM Cloud
- Deactivate Access to OCI (Gen 2) Environments
- Sign-On Policies to Restrict Access to OCI (Gen 2) Environments
- Maximum Session Duration in OCI (Gen 2) Environments
- Protection using Web Application Firewall (WAF) in OCI (Gen 2) Environments
- Compliance with Oracle Global Trade Policy
- Secure HTTP Headers in OCI (Gen 2) Environments
- DKIM Support for EPM Cloud OCI (Gen 2) Environments
- SPF Support
- DMARC Support for EPM Cloud OCI (Gen 2) Environments
- Bring Your Own Key Functionality for Database Access
- Control Manual Database Access
- Monitor Manual Database Access
- Restrict Data Access by Oracle
- Access Log for Information on Each Access to the Environment
- Audit Reports, Login Reports, and Audit Logs in EPM Cloud on OCI (Gen 2)
- User Login Report for Security Audit
- Activity Report to Monitor Application Performance
- Oracle Software Security Assurance (OSSA)
- Oracle's Monitoring of Environments Using Realtime Dashboards and Alerts
- Threat and Vulnerability Management
- Secure Access to Cloud Environments by Oracle
- Automatic Security Patching
- Periodic Penetration Testing and Ethical Hacking to Identify and Fix Vulnerabilities
- External Security Audits
- Backup Data Residency and Retention on OCI (Gen 2)
- Disaster Recovery Support
- 24X7 Support
- EPM Cloud for the United States Government
- EPM Cloud for the United Kingdom Government