CIS provides benchmarks, scoring tools, software, data, information, suggestions, ideas, and other services and materials from the CIS website or elsewhere (“Products”) as a public service to Internet users worldwide. Recommendations contained in the Products (“Recommendations”) result from a consensus-building process that involves many security experts and are generally generic in nature. The Recommendations are intended to provide helpful information to organizations attempting to evaluate or improve the security of their networks, systems and devices. Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a “quick fix” for anyone’s information. | the CENTER for INTERNET SECURITY Center for Internet Security Benchmark for Oracle 9i 10g Version April 2005 Copyright 2005 The Center for Internet Security http cis-feedback@ Table of Contents Agreed Terms of 1. Operating System Specific 2. Installation and 3. Oracle Directory and File 4. Oracle Parameter 5. Encryption Specific 6. Startup and 7. Backup and Disaster 8. Oracle Profile User Setup 9. Oracle Profile User Access 10. Enterprise Manager Grid Control 11. 10g Specific 12. General Policy and 13. Auditing Policy and Appendix A - Additional Settings not scored .47 Appendix B - Disabled Windows 2000 Appendix C - FIPS140-2 Appendix D - Waivers and Appendix E - Using Enterprise Manager Grid Control for Patch Management and Policy Appendix F - Revision .