Oracle Cloud Security Checks
51+ Oracle Cloud Security Checks
Complete list of Oracle Cloud Infrastructure (OCI) security checks across 13+ services based on CIS OCI Foundations Benchmark v1.2.0, PCI-DSS, HIPAA, SOC 2, and ISO 27001.
51+ Security Checks
5+ OCI Services
5+ Compliance Frameworks
CIS Benchmark v1.2.0
Security Checks by OCI Service
Comprehensive security checks organized by Oracle Cloud service.
Oracle Cloud Identity and Access Management
Ensure MFA is enabled for all IAM users (CIS 1.1, critical)
Ensure API keys are rotated within 90 days (CIS 1.2, medium)
Ensure auth tokens are rotated within 90 days (CIS 1.3, medium)
Ensure customer secret keys are rotated within 90 days (CIS 1.4, medium)
Ensure IAM policies are not overly permissive (CIS 1.5, high)
Ensure tenancy administrator group is restricted (CIS 1.6, high)
Ensure IAM password policy requires complexity (CIS 1.7, medium)
Ensure service accounts use instance principals (high)
Ensure federated identity is used where available (medium)
Ensure IAM groups are used for policy assignment (medium)
Ensure compartments are used for resource isolation (CIS 1.8, medium)
Ensure unused credentials are removed (medium)
Oracle Cloud Virtual Cloud Network (VCN)
Ensure VCN flow logs are enabled (CIS 2.1, medium)
Ensure security lists do not allow unrestricted SSH (CIS 2.2, high)
Ensure security lists do not allow unrestricted RDP (CIS 2.3, high)
Ensure default security list restricts all traffic (CIS 2.4, medium)
Ensure NSGs are used instead of security lists (CIS 2.5, medium)
Ensure Bastion service is used for remote access (high)
Ensure private subnets are used for backend resources (medium)
Ensure DRG is used for on-premises connectivity (medium)
Ensure service gateway is used for OCI services (medium)
Ensure WAF is enabled for public web applications (high)
Oracle Cloud Storage
Ensure Object Storage buckets are not public (CIS 3.1, critical)
Ensure Object Storage buckets have encryption enabled (CIS 3.2, high)
Ensure Object Storage has versioning enabled (CIS 3.3, medium)
Ensure Object Storage has lifecycle policies (low)
Ensure Object Storage audit events are enabled (CIS 3.4, medium)
Ensure Block Volume backups are configured (CIS 3.5, high)
Ensure Block Volumes use customer-managed encryption (CIS 3.6, medium)
Ensure Boot Volumes are encrypted (CIS 3.7, medium)
Ensure File Storage exports are restricted (high)
Ensure File Storage uses encryption in transit (high)
Oracle Cloud Compute
Ensure compute instances do not have public IPs (CIS 4.1, medium)
Ensure compute instances use shielded instances (CIS 4.2, medium)
Ensure compute instances have monitoring enabled (low)
Ensure legacy IMDS is disabled (CIS 4.3, high)
Ensure instances use latest operating system images (medium)
Ensure custom images are scanned for vulnerabilities (medium)
Ensure instance pools have auto-scaling configured (low)
Ensure instances are properly tagged (low)
Ensure dedicated hosts are used where required (low)
Ensure fault domains are used for high availability (medium)
Oracle Cloud Database
Ensure Autonomous Database uses private endpoints (CIS 5.1, high)
Ensure database backups are encrypted (CIS 5.2, high)
Ensure Autonomous Database has Data Guard enabled (medium)
Ensure database audit logging is enabled (CIS 5.3, high)
Ensure TDE is enabled for database encryption (CIS 5.4, high)
Ensure database connections use TLS (high)
Ensure automatic backups are configured (CIS 5.5, high)
Ensure database patching is current (medium)
Ensure database network access is restricted (high)
Supported Compliance Frameworks
Every check is mapped to relevant compliance framework controls
CIS OCI v1.2.0
PCI-DSS
HIPAA
SOC 2 Type II
ISO 27001:2022
Complete OCI Service Coverage
Security checks across all critical Oracle Cloud Infrastructure services
IAM
VCN
Compute
Object Storage
Block Volume
Boot Volume
Database
Autonomous DB
OKE
Functions
Load Balancer
WAF
Vault
KMS
Audit
Monitoring
Notifications
Events
Logging
File Storage
API Gateway
DNS
Email Delivery
Bastion