MEDIUMCIS 2.5

Ensure NSGs are used instead of security lists

Network Security Groups should be preferred over security lists for granular control.

Security Impact

Security lists apply to entire subnets; NSGs provide resource-level control.

How to Remediate

Create NSGs and attach to VNICs. Migrate from security list rules to NSG rules.

Affected Resources

OCI::Core::NetworkSecurityGroup

Compliance Frameworks

CIS OCI v1.2.0SOC 2PCI-DSS

How TigerGate Helps

TigerGate continuously monitors your Oracle Cloud environment to detect and alert on this misconfiguration. Here's what our platform does for this specific check:

  • Continuous Scanning

    Automatically scans all Oracle Cloud Virtual Cloud Network (VCN) resources across your Oracle Cloud tenancies every hour

  • Instant Alerts

    Get notified via Slack, email, or webhooks when this misconfiguration is detected

  • One-Click Remediation

    Fix this issue directly from the TigerGate dashboard with our guided remediation

  • Compliance Evidence

    Automatically collect audit evidence for CIS OCI v1.2.0, SOC 2, PCI-DSS compliance

  • Drift Detection

    Get alerted if this configuration drifts back to an insecure state after remediation

Check Details

Check ID
oracle-networking-5
Service
Oracle Cloud Virtual Cloud Network (VCN)
Category
Network Security
Severity
MEDIUM
CIS Benchmark
2.5

Automate This Check

TigerGate automatically scans your Oracle Cloud environment for this and 50+ other security checks.

Start Free Trial

Related Oracle Cloud Virtual Cloud Network (VCN) Checks

View all checks
oracle-networking-1medium

Ensure VCN flow logs are enabled

oracle-networking-2high

Ensure security lists do not allow unrestricted SSH

oracle-networking-3high

Ensure security lists do not allow unrestricted RDP

oracle-networking-4medium

Ensure default security list restricts all traffic

oracle-networking-6high

Ensure Bastion service is used for remote access