Oracle MiniCluster S7-2 Security Technical Implementation Guide (STIG) Compliance Review
ORACLE TECHNICAL WHITE PAPER | JANUARY 2017
THE FULLY ENCRYPTED DATA CENTER
Table of Contents
Introduction
Target Audience and Assumed Knowledge
Methodology
Oracle MiniCluster - DISA STIG Security Checklist
Oracle Database 12c Security Checklist
STIG Findings and Resolution Actions
Summary Findings
Oracle Solaris Security Checklist Findings
Oracle Database 12c Security Checklist Findings
Summary of Resolution Actions
Configuration Settings
Patches and Updates
Software Uninstallation
Security Software
Additional Security Practices
Management Network Security Recommendations
SPARC S7 Compute Nodes
Software and Firmware Patching
Oracle Database Security on Oracle MiniCluster
Conclusion
Appendix
About the Oracle MiniCluster S7-2 Platform
References
Product Security Guides
1 | Oracle SUPERCLUSTER M7 SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) VALIDATION AND BEST PRACTICES
Introduction
The United States Defense Information Systems Agency (DISA) creates and maintains a series of security guidelines for Department of Defense (DOD) information systems. These guides, called Security Technical Implementation Guides (STIGs), identify configuration settings and procedural actions that should be taken to improve the security posture of deployed systems. Many government agencies require that systems comply with these guidelines before connecting to a network. This white paper is a compliance readiness guide, which provides validation and reports that the DISA STIG security guidelines can be successfully implemented on Oracle MiniCluster S7-2.
The recommendations contained within this paper were developed as a result of the successful STIG application and testing of a live Oracle MiniCluster S7-2 (Oracle MiniCluster) version 1.1.21 at the Oracle Enterprise Technology Center in a project conducted by Oracle. While all efforts were made to ensure that the best security practices of the DISA STIGs were incorporated, there are no guarantees that Oracle's recommendations will be accepted by accrediting authorities.
Target Audience and Assumed Knowledge
This document is intended for security practitioners, who should be familiar with Oracle MiniCluster, Oracle MiniCluster software version 1.1.21 (DISA STIG Profile), Oracle Solaris 11, Oracle Database 11gR3, Oracle Database 12c, Oracle Enterprise Manager and its security features.
Methodology
A full configuration of Oracle MiniCluster was utilized as the target for STIG application and testing. Refer to the appendix for a description of the Oracle MiniCluster platform architecture. The Oracle MiniCluster system was installed and pre-configured using the fully automated DISA STIG profile tool without any human intervention in the same manner as it would be for delivery to customer sites. In addition, the Oracle Database STIG scripts were loaded on the Oracle Database 12c database residing in Oracle MiniCluster database virtual machines (Oracle Solaris 11.3 non-global zones). After installation, a number of tests were performed to validate correct operation of the system, database, and application services:
• Verification of Oracle MiniCluster generated DISA-STIG compliance readiness report (Overall score 95% and above expected with manual intervention recommendations)
• Verification of system reboot without error
• Verification of FIPS-140-2 Level 1 Compliance
• Successful connectivity testing to the management console, servers and attached storage
• Successful connectivity testing to the database via SQL*Net and SQL*Net with TLS encryption
• Successful verification testing of Oracle ZFS encryption and key management without performance degradation
• Check of the system logs for errors
• Verification of database and overall cluster health with the database console utility
• Installation and testing of the Oracle Enterprise Manager 12c management suite in application virtual machine and enterprise manager agents in database virtual machines
• Functional and performance testing of the database instances via connections and load from the Swingbench load generator running the “Order Entry” benchmark before and after configuration changes
• Verification of Role based access control for primary, secondary and tenant administrators and auditors.
• Verification of central audit store and audit reports.
• Verification of central key store and FIPS approved algorithms
• Verification of host based firewalls (Oracle Solaris IPFilters)
• Verification of DISA STIG recommended password policies
• Verification of whitelisted services
• Verification of disabling unnecessary packages, ports, protocols and services
The target system remained stable and functional throughout testing with all of the tests above yielding positive results.
Oracle MiniCluster - DISA STIG Security Checklist
The DISA published document for the Oracle Solaris 11 STIG Version 1 Release 9 was utilized as the baseline for the identification of Potential Discrepancy Items (PDI) and documentation of remedy or exception handling. The review was performed with the configuration of Oracle MiniCluster DISA-STIG profile made available during installation of Oracle MiniCluster by the Virtual Assistant console and also during the creation of database and application virtual machine groups and documented in comprehensive compliance readiness reports and logs identifying success and failed tests requiring manual intervention. The DISA Oracle Solaris 11 STIG document can be found at:
http://iase.disa.mil/stigs/os/unix-linux/Pages/solaris.aspx
Oracle Solaris 11 is the required base operating system for Oracle MiniCluster although Oracle Solaris 10 branded virtual machines also can be used. Oracle Solaris 11 is certified by Common Criteria at the EAL 4+ level with Operating System Protection Profile (OSPP) including Label Security and Virtualization. Oracle Solaris Zones is the virtualization technology supporting execution of multiple virtual machines in each physical node. Oracle Solaris Zones were used during the testing to enable the creation of separate database virtual machine groups and general-purpose application virtual machine groups, all of which were secured at installation by the Oracle MiniCluster DISA-STIG profile for virtual machine groups (Figure 1).
Figure 1. Oracle MiniCluster Virtual Assistant – Selecting DISA-STIG profile
Upon completion of installation using DISA-STIG profile, the Oracle MiniCluster Virtual Assistant presents a DISA-STIG compliance readiness report available upon the first boot of Oracle MiniCluster system nodes (Global zones), database and application virtual machine groups. The compliance readiness report highlighting the overall compliance score and STIG reports can be accessed from the “Compliance Information” section of Oracle MiniCluster Virtual Assistant (Figure 2).
Figure 2. Oracle MiniCluster Virtual Assistant – Compliance Readiness
Oracle Database 12c Security Checklist
The Oracle Database Security Readiness Review (SRR) scripts are also provided by DISA and intended to identify potential issues that might jeopardize the overall security and integrity of an Oracle Database 12c system. The Oracle Database 12c Security Checklist identifies a series of known security-related items identified in the Database STIG. A security review of the installed Oracle Database on the Oracle MiniCluster platform was performed using the Oracle Enterprise Manager STIG verification checks incorporated into the SRR Oracle Database 12c scripts and documented in this report. This report verifies the use of STIG Version 1 release 1.8 of the Database SRRs on Oracle Database 12.1.0.3.
STIG Findings and Resolution Actions
The following sections provide information on configuring DISA STIG security for databases and applications running on Oracle MiniCluster system.
Oracle reviewed 275+ Oracle MiniCluster and Solaris 11-based STIG items on Oracle MiniCluster pre-configured with DISA-STIG profile and 180+ Oracle Database items as per Oracle database SRR. The testing documented the status of findings using the following categories:
• Open findings: Unable to provide a technical resolution with Oracle MiniCluster default setup.
• Manual Intervention required: Proper mitigation is applied either by default or manual intervention.
Separate documents itemizing the exact status of every item are available from your Oracle sales team.
Summary Findings
The findings from the STIG testing are presented in the following categories:
• Oracle Solaris Security Checklist findings
• Oracle Database 12c Security Checklist findings
Oracle Solaris Security Checklist Findings
The Oracle Solaris Security Checklist findings are classified into several categories, as shown in Table 1.
TABLE 1. CATEGORIES FOR ORACLE MINICLUSTER/SOLARIS SECURITY CHECKLIST FINDINGS
CATEGORY DESCRIPTION
292 Total Oracle MiniCluster/Solaris items reviewed
74 Security configuration added on MiniCluster CIS/Secure By Default
183 Successful security tests - Passed
9 Failed Security tests after Oracle MiniCluster installation (before remediation)
27 Manual intervention required, site-specific policy or procedural requirements
3 Open findings after remediation
The STIG readiness reports can be accessed and downloaded from Oracle MiniCluster Virtual Assistant for all compute nodes. A typical report will present the following (refer to Figure 3):
Figure 3: Oracle MiniCluster – Typical DISA STIG Readiness Report (Highlights for Global zone)
The open items that typically require manual intervention after Oracle MiniCluster default installation (Global zone) are as follows:
• SRG-OS-999999 SOL-11.1-020350 2 RC no write
• SRG-OS-999999 SOL-11.1-020380 2 SS exec owner
• SRG-OS-999999 SOL-11.1-030040 3 miscDisab
• SRG-OS-999999 SOL-11.1-030050 2 wrappers
• SRG-OS-000002 SOL-11.1-040020 3 pass temp
• SRG-OS-000148 SOL-11.1-040490 2 outbound
• SRG-OS-999999 SOL-11.1-050140 3 wrappers
• SRG-OS-999999 SOL-11.1-050470 2 spoof
• SRG-OS-000157 SOL-11.1-060070 2 ssh ipsec
• SRG-OS-000158 SOL-11.1-060080 2 ssh ipsec
• SRG-OS-000159 SOL-11.1-060090 2 ssh ipsec
• SRG-OS-000160 SOL-11.1-060100 2 ssh ipsec
• SRG-OS-000161 SOL-11.1-060110 2 ssh ipsec
• SRG-OS-000162 SOL-11.1-060120 2 ssh ipsec
• SRG-OS-000033 SOL-11.1-060130 2 ssh ipsec
• SRG-OS-000157 SOL-11.1-060190 2 ipsec
• SRG-OS-999999 SOL-11.1-070090 2 homeOwn
• SRG-OS-999999 SOL-11.1-070190 3 SUID
• SRG-OS-999999 SOL-11.1-070200 2 all owned
• SRG-OS-999999 SOL-11.1-080010 1 O/S ver
• SRG-OS-999999 SOL-11.1-080160 1 SNMP
• SRG-OS-000056 SOL-11.1-090020 2 ntp.conf
• SRG-OS-999999 SOL-11.1-090030 2 auditReduce
• SRG-OS-999999 SOL-11.1-090040 3 extraAccts
• SRG-OS-000099 SOL-11.1-090050 2 backups
• SRG-OS-000100 SOL-11.1-090060 2 backups
• SRG-OS-000101 SOL-11.1-090070 2 backups
Select failed tests that can be resolved with manual intervention (via Oracle MiniCluster BUI or CLI) are as follows:
• SRG-OS-999999 SOL-11.1-080130 3 EEPROM
• SRG-OS-000047 SOL-11.1-010420 2 auditCrash
• SRG-OS-999999 SOL-11.1-050370 3 ipfilter
Known failed tests that cannot be resolved at Oracle MiniCluster default installation (Global Zone):
• SRG-OS-000256 SOL-11.1-020030 2 pkgVerify
• SRG-OS-999999 SOL-11.1-070080 3 userHome
• SRG-OS-999999 SOL-11.1-100030 2 zone dev
Oracle Database 12c Security Checklist Findings
The Oracle Database 12c checklist evaluated a total of 180 items classified into the categories shown in Table 2.
TABLE 2. CATEGORIES FOR ORACLE DATABASE CHECKLIST FINDINGS
CATEGORY DESCRIPTION
180 Total Oracle Database items reviewed
24 Open findings before remediation
0 Open findings after remediation
119 Manual, site-specific policy or procedural requirements
46 Not a finding in default configuration
Summary of Resolution Actions
This section contains a summary of the remedial actions that should be taken to resolve the open findings. For
clarity, the resolutions are sorted into the following categories for application to the database servers in Oracle
MiniCluster targeted for STIG application:
• Configuration Settings: configuration setting changes to the operating system, utilities, or database
• Patches and Upgrades: the application of patches or software/firmware upgrades
• Software Uninstallation: removing installed software from the target system
• Process or Procedure: the creation of documentation as well as process or procedure implementation
• Security Software: the installation and configuration of software or utilities on the target system, for
example antivirus or host intrusion tools
Configuration Settings
Oracle MiniCluster/Solaris 11 security configuration settings and modifications include the following:
• Whitelisting of essential services
• Blacklisting and disabling unnecessary services
• Login and password system, login, and tty settings
• Removal of, changes to, or disabling of individual accounts and groups
• File or directory ownership and permissions changes or removal
• Initialization files such as bashrc
• The audit subsystem to incorporate new rules and audit log rotation
• cron and scheduling systems
• Firewall, TCP wrappers, and network configuration settings
• Core dump configuration
• Disabled or removed packaged utilities
• Addition of approved DoD login banners, messages, and warnings
• Password contents, according to published policy
• /etc/hosts allow and deny settings
• Configuration of terminal lockout
• NTP server configuration
• FIPS 140 mode
• Encrypted ZFS datasets
• Swap encryption
• Centralized audit store
• Role based access control
• Centralized PKCS#11 based key store
Oracle Database 12c settings and modifications include the following:
• Enabling and configuring database auditing
• Setting resource limits on user profiles
• Changing system parameters to harden database access
• Implementing a custom password-verify function to comply with STIG password complexity requirements
• Modifying SQL*Net settings to enforce expiration, connect times, and allowed clients as well as cnt
versions
• Setting file or directory ownership and permissions
• Changing passwords on accounts to comply with STIG complexity rules
• Modifying password system configuration and authentication settings
• Establishing SYSMAN permission grants and schema settings
• Implementing encryption for sensitive data
• Configuring TNS Listener according to the STIG checklist
Patches and Updates
The primary delivery vehicle for Oracle MiniCluster Proactive Maintenance is the Quarterly Maintenance Update,
which will be released as the Quarterly Full Stack Download Patch (QFSDP) for Oracle MiniCluster.
For reactive maintenance situations (break/fix or critical security fix in between quarterly updates), the affected
components can be updated as needed in consultation with Oracle engineered systems support.
Software Uninstallation
Oracle Solaris 11 software uninstallation includes network protocols (FTP, NIS, TFTP/installadm, telnet, UUCP,
finger), VNC, and instant messaging (pidgin). Oracle Database 12c software uninstallation includes STIG checklist
recommendations, including the uninstallation and removal of database components that are not required or not
licensed, as well as the removal of any database SCHEMA, objects, or applications that exclusively support them.
This modification is typically performed on a case-by-case basis to support the intended operation and functionality
of the database system. Examples of Oracle Database 12c components in this category include Oracle Partitioning,
Oracle Real Application Clusters (Oracle RAC), and Data Guard, a feature of Oracle Active Data Guard and Oracle
Database, Enterprise Edition. Required components are documented in the application design specification and
listed in the system security plan.
Process or Procedure
The creation and implementation of processes and procedures are highly site-dependent and dependent on the
local security policy. Most of the items in this category are the findings identified as “Open with customer action
required.” The following suggested remedial actions summarize a broad spectrum of individual actions to remedy
each potential finding identified by the STIG checklist script.
• Applying Oracle Solaris 11 security and hardening guidelines, which are documented in the standard
documentation set: http://docs.oracle.com/cd/E53394_01/html/E54807/index.html
• Ensuring system physical security, including attachment of any external devices
• Applying vendor-recommended patches and security patches periodically
• Maintaining baseline backups and checking file systems against baselines
• Documenting the system and any variances from STIG policy with the Information Assurance Officer
according to STIG recommendations and local policy
• Performing user password and account policy actions
• Maintaining strong separation between the client access network and the management network
Oracle Database 12c database–scoped processes or procedures include the following:
• Development and documentation of management and operations policies and processes
• Verification of the configuration to compliance standards
• Implementation and testing of database backup and recovery
• Database change and configuration management
• Data labeling, encryption, key management, and validation according to compliance requirements, where
required
• Implementation and management of audit information
• Documentation and implementation of account, access control, and authorization procedures and
policies
• Auditing and compliancy to STIG recommendations and DBMS classification levels
• Configuration and security of network configuration, remote administration encryption, and network
perimeter protection.
Security Software
Oracle Solaris 11 installation of security software or utilities includes the following:
• Installing and configuring a system vulnerability tool
• Installing and configuring approved virus scan software
Additional Security Practices
This section contains additional practices that can be utilized to improve the overall security of Oracle SuperCluster.
The practices range from system patching to access control of elements on the management network.
Management Network Security Recommendations
The Oracle MiniCluster management subnet provides critical access to the components of the system and it needs
to be secured properly. Penetration of the management network allows attempts at access to the Oracle Integrated
Lights Out Manager (Oracle ILOM) ports of the various components of the system. Having access to the Oracle
ILOM port is similar to having physical access to the system. A user with Oracle ILOM access can power off the
system, install new ILOM software, or change the ILOM’s root password. Oracle ILOM security controls allow the
creation of roles with limited capabilities. Access to the management network should be restricted to a limited
population of properly skilled and cleared administration staff using SSH. Oracle ILOM can be accessed via SSH for
command-line management or via an SSL-encrypted web session.
SPARC S7 Compute Nodes
When configured properly per the Oracle Solaris STIG, these nodes will automatically enforce user and role
password policies as per DISA guidelines to use complex passwords by default. In addition, the Oracle ILOM admin
and EEPROM password should be configured manually to DISA standards to prevent unauthorized power cycling of
the system via the Oracle ILOM console or Oracle MiniCluster Virtual Assistant web interface. Roles are being
effectively used in Oracle MiniCluster virtual machines (Solaris 11 zones) and Oracle ILOM to allow administration
of the system without providing complete root powers.
Software and Firmware Patching
Effective proactive patch management is a critical component of any system’s security. The application of Oracle-suggested patches and security patches is a minimum recommendation for the establishment of baseline security.
Oracle Database Security on Oracle MiniCluster
From the outset, Oracle has delivered the industry's most advanced technology to safeguard data where it lives—in the database. Oracle provides a comprehensive portfolio of security solutions to ensure data privacy, protect against insider threats, and enable regulatory compliance. Key Oracle Database security products include the following:
• Oracle Transparent Data Encryption
• Oracle Database Vault
• Oracle Audit Vault and Database Firewall
• Oracle Configuration Manager
• Oracle Total Recall
• Oracle Advanced Security
• Oracle Data Masking Pack
• Oracle Label Security
• Oracle Secure Backup
With Oracle's powerful privileged user and multifactor access control, data classification, transparent data
encryption, auditing, monitoring, and data masking, you can deploy reliable data security solutions that do not
require any changes to existing applications, thereby saving time and money.
Conclusion
The goal of successful application of STIG-recommended configuration settings by Oracle MiniCluster software
1.1.21 (DISA STIG profile) to the Oracle MiniCluster platform without negatively affecting the system was achieved
and documented in this paper. While there is no single formula for application of STIG recommendations in all
situations and configurations, the implementation and testing performed during the course of this project proves that
it is reasonable and possible to apply STIG recommendations to the Oracle MiniCluster platform at first boot to meet
the needs of government and commercial organizations that are required or elect to comply with the
recommendations created by DISA for the Department of Defense.
Appendix
About the Oracle MiniCluster S7-2 Platform
Built as a multipurpose engineered system, Oracle MiniCluster S7-2 combines the computing power of Oracle’s
SPARC S7 processor, which powers two active/active independent compute servers with redundant 10 GbE network connectivity (Figure 3). This assures a highly available architecture is supported by fully redundant, high-performance shared flash storage. The compute servers are fully optimized to utilize the efficient virtualization
capabilities of Oracle Solaris-based secure virtual machines and the highly available Oracle Database. Finally, another 10 GbE network provides the conduit through which all the intercommunication between the virtual machine environment on the SPARC S7 servers and hosted applications are managed. With these engineered
components working together, Oracle MiniCluster S7-2 presents a secure single tenant—a dedicated compute platform environment for hosting applications and databases. This integration is also designed to ensure businesses and cloud service providers stay secure and compliant from initial install, which establishes a verified,
compliant, ground-up secured compute and application environment.
Figure 4. Oracle MiniCluster S7-2 hardware architecture
The SPARC S7 processor features always-on hardware-assisted cryptographic functionality that helps entities hosted on Oracle MiniCluster S7-2 to protect their information with high-performance data protection—at rest, in use, and in transit. The processor also features Oracle’s Silicon Secured Memory, a feature of Oracle’s SPARC
M7 and SPARC S7, which detects and prevents attacks related to memory data corruptions and memory scraping, thereby ensuring the integrity of application data. Oracle MiniCluster S7-2 allows the hosting of up to 24 virtual machines (maximum of 4 database virtual machines per node and 12 application virtual machines per node) with
high availability. In addition to these 24 virtual machines, there are two dedicated VMs intended for administration and management, and two dedicated virtual machines to host shared services like NFSv4 storage, Oracle key wallet and object stores. By default, all virtual machines reside on fully encrypted storage and use encrypted
network connectivity. In addition, all virtual machines are preconfigured and pre-verified with more than 250 out-of-box security controls. The controls assure confidentiality, integrity, and availability of the platform by reducing the attack surface of the system by disabling services, ports, and protocols that are not absolutely necessary or have
known vulnerabilities. Further, the security controls assure confidentiality, integrity, and availability by configuring the exposed services to accept only trusted connections, thereby protecting against any multistage attacks.
The diagram in Figure 4 illustrates a typical Oracle MiniCluster S7-2 deployment with default security configuration that consolidates Oracle database and applications workloads.
Figure 5. Oracle MiniCluster S7-2: Typical configuration including default security configuration for software workloads
References
Detailed and current versions of STIG compliance documents for Oracle Solaris and Oracle Database are available from the DISA website.
• http://iase.disa.mil/stigs/os/unix-linux/Pages/solaris.aspx
• http://iase.disa.mil/stigs/app-security/database/Pages/oracle.aspx
Readers are also encouraged to discuss their specific Oracle MiniCluster STIG deployment situations with their
Oracle representatives and get direct advice on Oracle MiniCluster STIG compliance readiness from systems engineers in Oracle Public Sector/Department of Defense (DoD) and Oracle National Security Group (NSG) organizations.
Product Security Guides
• “Oracle MiniCluster S7-2 Platform Security”
https://community.oracle.com/servlet/JiveServlet/download/1007912-1-291403/MiniClusterS7-Security-WhitePaper-Final_161028.pdf
• Oracle MiniCluster S7-2 Security Guide
https://docs.oracle.com/cd/E69469_01/html/E69475/index.html
• Oracle Integrated Lights Out Manager (Oracle ILOM) Security Guide Firmware Releases 3.0, 3.1, 3.2
http://docs.oracle.com/cd/E37444_01/pdf/E37451.pdf
• Oracle Solaris 10 Security Guidelines
http://docs.oracle.com/cd/E26505_01/pdf/E37990.pdf
• Oracle Solaris 11 Security and Hardening Guidelines
http://docs.oracle.com/cd/E53394_01/pdf/E54807.pdf
• Oracle Database 12c Security Guide
https://docs.oracle.com/database/121/DBSEG/toc.htm
• Oracle’s Common Criteria status page
http://www.oracle.com/technetwork/topics/security/oracle-common-criteria-095703.html
Oracle MiniCluster Security Technical Implementation Guide (STIG) Compliance Review, January 2017. Author: Ramesh Nagappan. Contributing Author: Kevin Rohan.
Copyright © 2017, Oracle and/or its affiliates. All rights reserved.