Oracle Database Benchmark

CIS Level 1 & 2 Benchmark and Scoring Tool Oracle 8i Databases CIS Level 1 & 2 Benchmark for Oracle 9i/10g Databases	- Click Here to Download Them - FAQ - The Benchmarks
September 2008: The Oracle 11g Benchmark (v1.0) is now available!
The Download Files:
CIS_Oracle_11g_Benchmark_v1.0.pdf: A PDF that contains the Level 1 and Level 2 security configuration settings and recommendations for Oracle Database version 11g. CIS_Oracle_Benchmark_v1.2.pdf: A PDF that contains the Level 1 and Level 2 security configuration settings and recommendations for Oracle Database version 8i. Oracle Database Scoring Tool: Audit only, host based tool that will scan Oracle 8i databases for compliance with the CIS Oracle 8i Database Benchmark v1.2 ONLY. CIS_Oracle_Benchmark_v2.01.pdf: A PDF that contains the Level 1 and Level 2 security configuration settings and recommendations for Oracle Database versions 9i and 10g. NOTE: There is currently no tool available for the Oracle 9i/10g (v2.01) or 11g (v1.0) Benchmarks.
What are the Benchmarks and the Scoring Tool?
The Benchmarks are a compilation of security configuration actions and settings that "harden" Oracle databases. They recommend Level 1 Benchmark guidance, representing the prudent level of minimum due care for operating system security. Level 1 Benchmark settings/actions: Can be understood and performed by system administrators with any level of security knowledge and experience; Are unlikely to cause an interruption of service to the operating system or the applications that run on it; and Can be automatically monitored either by CIS Scoring Tools or by CIS Certified tools available from security software vendors. CLICK HERE for a roster of commercially available CIS-certified software tools. The Level 2 Benchmark settings/actions: Enhance security beyond the minimum due care level, based on specific network architecture and server function. Contain some security configuration recommendations that affect functionality, and are therefore of greatest value to system administrators who have sufficient security knowledge to apply them with consideration to the functions and applications running in their particular environments. The CIS Scoring Tool for Oracle 8i Databases provides a quick and easy way to evaluate systems and compare their level of security against the CIS minimum due care security Benchmark. Tool reports guide system administrators to harden both new installations and active production systems. The tool is also effective for monitoring systems to assure that security settings continuously conform with the Benchmark.

Share Your Feedback
We value your feedback, which may be used both to update the Level 1 Oracle Benchmarks and to further define the Level 2 security configuration recommendations. The CIS Feedback Email Address Please direct other feedback to: Bert Miuccio, Vice President For more information about the CIS consensus process and the benchmarks, go to What are the Benchmarks? and FAQ - The Benchmarks.
Updates to the Benchmarks and Scoring Tool
The CIS Level 1 & 2 Oracle 8i Databases and 9i/10g Benchmarks are updated periodically. Continuous feedback from CIS Members and other users assures that the consensus standard of minimum due care is always reflected in the recommended settings. Revision histories can be found in the benchmark documents. One of the benefits of CIS Membership is electronic notification when updates become available. Click Here for more information about membership. If your organization is not a member of the Center, visit this website periodically to assure that you are using the latest version of the Oracle 8i Databases and Oracle 9i/10g Databases Benchmarks. DOWNLOAD the CIS Level 1 & 2 Oracle 8i and 10g Databases Benchmarks and Scoring Tool (Oracle 8i Databases only)