Changes in This Release for Oracle Database Security Assessment Tool

Oracle Database Security Assessment Tool 2.2.2 (June 2021) is a minor release. It improves accuracy and remarks and adds more checks. In this release, DBSAT can differentiate between an on-premises Oracle Database and cloud databases such as Autonomous Databases (Shared and Dedicated) and DBCS. DBSAT performs different checks and provides specific remarks depending on the assessed database target type.

  • Amended findings for Autonomous Databases
    • Specific findings for Oracle Databases depending on whether they are on-premises or in the cloud (Autonomous Databases or Database Cloud Service).
    • The target type is now taken into consideration for analysis. The checks, details, and remarks presented are specific to it. See the Database Security Assessment Tool User's Guide for more details.
  • New checks:
    • USER.GPR

      This finding provides recommendations for the Gradual Password Rollover feature. It checks whether there are user profiles with PASSWORD_ROLLOVER_TIME correctly set and whether users are assigned to these profiles. It lists users who are in the rollover period or whose password rollover period should have expired.

    • CRYPT.DBFIPS

      Checks whether the parameter DBFIPS_140 is set to TRUE. This parameter enables Transparent Data Encryption (TDE) and DBMS_CRYPTO PL/SQL package program units to run in a FIPS-compliant mode. FIPS mode is mostly used by departments and agencies of the United States federal government looking to meet FIPS and/or STIG compliance. Be aware that this setting, and thus the use of the underlying FIPS-certified library, incurs a slight amount of overhead when the library is first loaded.

  • Improved checks:
    • INFO.PATCH

      Now considers Autonomous Databases specifics. For example, customers can skip two patches (up to 150 days) in Autonomous Database Dedicated, while in Autonomous Database Shared they cannot.

    • CRYPT.TDE

      Now lists how many days have passed since the master encryption key was last rotated.

    • CONF.BKUP

      Improved accuracy. Checks were also improved to better assess the frequency of backups in Autonomous Databases.

    • CONF.DIR

      Directory objects that pose a risk are now identified at the top of the details section.

    • AUTH.DV

      Improved to focus on user-created policies, realms, command rules, and protected objects. DBSAT now ignores default Database Vault policies for simplified analysis. Users who have been granted Database Vault default roles are listed so that you can assess whether the correct segregation of duties is in place. Database Vault Operations Control status is also displayed.

    Note:

    The PDB_DBA role is now included for all checks where the DBA role was previously being considered.
  • Adjusted Severity for:
    • INFO.PATCH
    • USER.VERIFIER
    • AUTH.DV
    • ACCESS.REDACT
    • AUDIT.ADMIN, AUDIT.CONN
    • CONF.BKUP
    • NET.CRYPT
    • OS.LISTEN
  • Updated remarks and recommendations
    • More detailed and more action-oriented.
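
To review the same information that the USER.GPR check reports on, the following query is an added example and is not DBSAT's own logic. It assumes a database release that supports Gradual Password Rollover, that a disabled rollover limit is reported as '0', and the column aliases and the gpr_state labels are illustrative names.

```sql
-- Added example (not DBSAT code): per-user view of Gradual Password Rollover.
-- Resolves a profile limit of 'DEFAULT' to the value set in the DEFAULT profile,
-- then shows which non-Oracle-maintained users are currently in rollover.
WITH rollover AS (
  SELECT p.profile,
         CASE p.limit
           WHEN 'DEFAULT' THEN d.limit   -- inherited from the DEFAULT profile
           ELSE p.limit
         END AS effective_limit
  FROM   dba_profiles p
  JOIN   dba_profiles d
         ON  d.profile       = 'DEFAULT'
         AND d.resource_name = 'PASSWORD_ROLLOVER_TIME'
  WHERE  p.resource_name = 'PASSWORD_ROLLOVER_TIME'
)
SELECT u.username,
       u.profile,
       r.effective_limit      AS rollover_time_days,
       u.account_status,
       u.password_change_date,
       CASE
         WHEN u.account_status LIKE '%IN ROLLOVER%' THEN 'IN ROLLOVER'
         -- Assumption: a disabled limit is reported as the string '0'.
         WHEN r.effective_limit = '0'               THEN 'ROLLOVER NOT ENABLED'
         ELSE 'ROLLOVER ENABLED, NOT IN ROLLOVER'
       END                    AS gpr_state
FROM   dba_users u
JOIN   rollover  r ON r.profile = u.profile
WHERE  u.oracle_maintained = 'N'
ORDER  BY gpr_state, u.profile, u.username;
```

Users reported as IN ROLLOVER with an old password_change_date relative to rollover_time_days are the ones to follow up on, since both the old and the new password are accepted during the rollover period.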

Downloading and Installing Oracle Database Security Assessment Tool

Known Issues

MS Excel Font Size Display

Some versions of Microsoft Excel may display text on the screen using a font that is too large to fit in the spreadsheet cells, even though it is sized correctly in printed output. If this happens, you can resize columns to be slightly wider in order to make the text visible.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.