Securing Oracle Database with Industry Standards and Best Practices

Anas Darkal Oct 27, 2025 12:00:00 AM

Introduction

  • Oracle Enterprise Manager (OEM) provides a solution to secure and ensure compliance with security policies defined by security officers and auditors.
  • With the Audit for Compliance feature, you can secure the entire stack, from databases to the underlying Linux hosts and Exadata infrastructure, with out-of-the-box security controls.
  • For Oracle Database 12c, 19c, and 23ai, the CIS Benchmark industry compliance standard is available out of the box. The Department of Defense (DoD) Security Technical Implementation Guide (STIG) standard is also available out of the box for regulatory requirements.


Importance & Benefit

  • Establish consistent and measurable security baselines.
  • Maintain continuous compliance across all Oracle environments.
  • Provide audit-ready documentation for regulators and stakeholders.
  • Support secure operations and reduce configuration drift.
In this blog, I'll demonstrate how to leverage CIS Benchmark for Oracle Database 19c to secure Pluggable Databases.

 

Prerequisites

  • Oracle OEM 13.5.0.21 or higher 
  • Oracle 19.23 multitenant database discovered by OEM
 

Task: Securing Pluggable Database with CIS Benchmarks

1. Once logged in to OEM, navigate to  Enterprise > Compliance > Library
 
 
2. Click the Compliance Standards tab. To list CIS Benchmarks, search for "Oracle 19c Database CIS".
 
Select "Pluggable Database" from the "Applicable To" drop-down list, then click Search.
 
 
3. Select the row "Oracle 19c Database CIS V1.1.0 - Level 1 - RDBMS using Unified Auditing for Oracle Pluggable Database", then click Associate Targets.
 
 
4. Click Add and select hr.subnet.vcn.oraclevcn.com_FINANCE PDB.
 

The CIS security controls are now being processed; this takes a few minutes to complete.
 
5. To analyze compliance results, navigate to  Enterprise > Compliance > Dashboard 
 

6. At the bottom of the page, you will see the Compliance Summary section. Click on the Standards tab to see the results of the CIS Benchmark assessment.
 
Click the Non-Compliant Targets number (1 in this demo); a pop-up window lists the targets with their Compliance Score. It shows that the pluggable database hr.subnet.vcn.oraclevcn.com_FINANCE has a compliance score of only 41% against the CIS benchmark baseline.
 
 
7. To analyze severity, click the Critical number (92) to see the unique violations for this target.
 
 
8. To see compliance results, click on "Oracle 19c Database CIS V1.1.0 - Level 1 - RDBMS using Unified Auditing". You will see the main CIS categories along with their corresponding CIS control rules and any violations.
 
The Target Scorecard pie chart displays the overall compliance evaluation status of the monitored target, summarizing its adherence to defined CIS benchmark security policies.
 
The Rule Evaluations pie chart summarizes the rule evaluation statuses (compliant, critical, warning, minor warning, and error) as a percentage of rules.
 
Click on one of the Violation Count numbers. The violation dialog box appears; you can export to Excel for offline analysis. Click Back and Close.
 

9. Select the Violation tab. This table provides comprehensive details for each rule, target name, applicable pluggable database, and violation severity with keywords. You can select an individual violation to view its detailed statement and recommended actions for quick remediation.
The Event details show the violated rule information, the violation details, and a guided resolution option with recommendations.
Click Corrective actions to open the Corrective Actions pop-up window.
 

10. Select the row labeled CORRECTIVE_ACTION_REVOKE_DBA_ROLE_PRIVILEGE. Choose preferred credentials and click Submit.
 
 
11. A pop-up window for the corrective action appears. Click to view the execution details.
 

12. You will see that the job completed successfully and the DBA role was revoked.
 
 
13. Now we will view the remediated status for the pluggable database. 
Navigate to Targets > Databases. Select the hr.subnet.vcn.oraclevcn.com_FINANCE pluggable database. This opens the PDB home page.
 
 
14. Click Oracle Database > Configuration > Latest
 
 
15. You will see the latest configuration. Click Refresh.
The refresh takes a few minutes to complete.
 
 
16. Navigate to Enterprise > Compliance > Dashboard
You will notice a reduction in violations from 92 to 91.
 

17. To generate a comprehensive compliance report for CIS compliance standards and their associated pluggable database targets, click on Reports.
 
 
18. The report will show a Summary of Passed and Failed Rules, the Compliance Score, and Results Details, along with Standard Rules.
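
To confirm the DBA role remediation from the database side as well, the following queries (an added example, not part of the original walkthrough and not OEM's own rule logic) list who still holds the DBA role in the PDB, directly or through nested roles. They assume the PDB container is named FINANCE, as the target name suggests, and a session that can read the DBA_ dictionary views.

```sql
-- Added example. Assumption: the container name is FINANCE, taken from the
-- OEM target name hr.subnet.vcn.oraclevcn.com_FINANCE.
ALTER SESSION SET CONTAINER = FINANCE;

-- 1) Direct grants of DBA to users or roles that are not Oracle-maintained.
--    ADMIN_OPTION = 'YES' means the grantee can pass the role on to others.
SELECT p.grantee,
       p.admin_option,
       p.common              -- 'YES' = granted commonly from the CDB root
FROM   dba_role_privs p
WHERE  p.granted_role = 'DBA'
AND    p.grantee NOT IN (SELECT username FROM dba_users
                         WHERE  oracle_maintained = 'Y')
AND    p.grantee NOT IN (SELECT role FROM dba_roles
                         WHERE  oracle_maintained = 'Y')
ORDER  BY p.grantee;

-- 2) Users that reach DBA at any depth: walk the role hierarchy upward
--    from DBA and keep only grantees that are real (non-Oracle) accounts.
SELECT u.username,
       u.account_status,
       MIN(h.depth) AS grant_depth   -- 1 = direct grant, >1 = via nested role
FROM  (SELECT grantee, LEVEL AS depth
       FROM   dba_role_privs
       START  WITH granted_role = 'DBA'
       CONNECT BY NOCYCLE PRIOR grantee = granted_role) h
JOIN   dba_users u ON u.username = h.grantee
WHERE  u.oracle_maintained = 'N'
GROUP  BY u.username, u.account_status
ORDER  BY grant_depth, u.username;

-- Manual equivalent if you remediate outside OEM (placeholder grantee):
-- REVOKE DBA FROM <grantee>;
```

Run the queries before and after the corrective action; a grantee that was remediated should no longer appear in either result.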
 

That completes the demo.
 
Thanks for reading!
 
Want to find out more about how you can get the best out of your Oracle database security and compliance? Get in touch with DSP-Eclipsys today to explore better solutions for your business.