Work with Security Assessment Templates

A Security Assessment template defines the set of security checks, crafted and curated by Oracle, that run when you perform a security assessment against an individual target or a target database group.

Oracle provides several ready-made templates that you can use; for example, the All checks, CIS, STIG, GDPR, and Oracle Recommended Practices templates. You can also create your own custom templates, selecting only the checks that you need.

View Security Assessment Templates

  1. On the left navigation pane, under Security assessment, select Assessment templates.
  2. To view Oracle predefined templates, select the Oracle predefined templates tab.
    • To search for an Oracle predefined template: Select the Search and Filter box to set a filter on description, name, or OCID.
    • To view the target databases and target database groups that have an Oracle predefined template applied: Select a template name, and then select the Target databases tab or the Target database groups tab. On these tabs, you can perform a search if needed.
  3. To view custom templates, select the Custom templates tab. For each template, you can view the name, status, description, created date and time, and updated date and time.
    • To locate a custom template: Set a filter on compartment, and if needed, use the Search and Filter box to set a filter on updated, created, status, name, or OCID.
    • To view more details about a custom template: Select its name to open the template. On the Details tab, you can view metadata about the template. On the Template tab, you can view the template's checks. On the Target databases and Target database groups tabs, you can view the target databases and target database groups that have the template applied. On the Tags tab, you can view tags created for the templates.

Create a Security Assessment Template

You can create your own security assessment template. During the creation process, you start with an existing Oracle predefined template or custom template, and then select only the checks you need.

  1. On the left navigation pane, under Security assessment, select Assessment templates.
  2. Select Create assessment template. The Create a new template page opens.
  3. For Step 1: Name, do the following:
    1. Enter a name for the assessment template or accept the default name.
    2. For Compartment, select the compartment to which you want to save the template.
    3. (Optional) For Description, enter a meaningful description of the template for your organization.
    4. Select Import checks, and then select an Oracle predefined template or a custom template.
      • Oracle predefined templates include Oracle Recommended Practices template, STIG template, CIS template, GDPR template, and All checks template.
    5. Select the checks in the template that you want to import into your security assessment template.
      • If needed, you can use the Search and Filter box to filter the list of checks by check, check category, CIS benchmark, DISA STIG, EU GDPR, and Oracle recommended practices.
    6. Select Select checks.
    7. (Optional) Select Add tag, select a namespace, select a key, and enter a value.
    8. Select Next.
  4. For Step 2: Review the template, review each check.
    • For each check, you can view the check category, expected severity, CIS benchmark, DISA STIG, EU GDPR, Oracle recommended practices, and remarks.
    • To make changes, select Previous. You can select Import checks again and select a different template and different checks if needed.
  5. To create the template, select Submit. The newly created template is listed on the Custom templates tab.

Apply a Security Assessment Template

You can apply an Oracle predefined template or custom template to a target database or target database group. When you apply a security assessment template, Oracle Data Safe generates a security assessment for your target database or target database group, based on the checks in the template.

Oracle Data Safe also generates a comparison report based on a baseline template that you create during the application process. For each finding in the baseline template, Oracle Data Safe selects default expected severity levels; however, you can modify these as needed.

  1. On the left navigation pane, under Security assessment, select Assessment templates.
  2. Select the template that you want to apply. You can select a template from the Oracle predefined templates tab or from the Custom templates tab.
  3. Select Apply template.
  4. For Step 1: Select target database or target database group, do the following:
    1. Select Select a target database or Select target database group.
    2. Select the compartment in which your target database (or target database group) is stored.
    3. Select the name of your target database (or target database group).
    4. Select Next.
  5. For Step 2: Update template baseline severity, do the following:
    1. For Name, enter a name for the baseline template or accept the auto-generated name.
    2. (Optional) For Description, enter a short description for the baseline template.
    3. For each finding listed, update the expected severity level if needed. To do so, select the three dots, and then select a severity level (High, Medium, Low, Advisory, Evaluate, Deferred, or Pass).
    4. If needed, select the Search and Filter box and set a filter on expected severity to filter the list.
    5. Select Next.
  6. For Step 3: Review and submit template section, carefully review everything.
  7. Select Submit to apply the template to the target database or target database group. Do not close the window until the following tasks are completed:
    • Apply template to security assessment for target database
    • Create template baseline
    • Add findings with modified severity to baseline
    • Compare assessment with template baseline
  8. When all the tasks reach 100% completion, select Close. You return to the page where you chose to apply the template.
  9. To view the assessment, return to the Security assessment landing page, and then select your target database or target database group on the Target summary or Target group summary tabs.
    • The security assessment information is found on the Details, Assessment summary, and Assessment details tabs.
    • To view the comparison report for a target database, select the Compare with baseline tab, and then select View comparison report under Template baseline.

Update a Baseline Template

You can update the expected severity levels for findings in a baseline template.

  1. Open a security assessment for a target database or target database group.
  2. From the Actions menu, select Update template baseline severity. A panel opens.
  3. For each finding you want to update, select the three dots, and then select a severity level.
  4. Select Update.
  5. Rerun the comparison reports for the target databases that use the updated baseline template to view the differences.

Remove a Security Assessment Template

If a template is associated with a security assessment, the association must be removed before a new template can be applied.

  1. On the Security Assessment landing page, select the Target summary or Target group summary tab.
  2. Select a target database or target database group to open it.
  3. On the Details tab under Template, select Remove template.
  4. Select Remove template again to confirm.