Learning About the CIS Oracle Database 12c Benchmark

March 22, 2021

Learning About the CIS Oracle Database 12c Benchmark

CIS Benchmarks are industry best practices for configuring IT environments, including systems, software, and networks. The Center for Internet Security (CIS) has published more than 140 CIS benchmarks for audit across seven core categories. These categories are:

  1. Operating systems benchmarks
  2. Server software benchmarks
  3. Cloud provider benchmarks
  4. Mobile device benchmarks
  5. Network device benchmarks
  6. Desktop software benchmarks
  7. Multi-function print device benchmarks

CIS Benchmarks are developed through a unique consensus-based audit involving communities of cybersecurity professionals and subject matter experts around the world, each of which continuously identifies, refines, and validates security benchmarks or best practices within their areas of focus.

How to run CIS Oracle benchmarks:


To manually run a CIS Oracle benchmark, the DBA must associate the selected benchmark to the CIS compliance standard to determine whether it is compliant.

  • From the Enterprise menu, select Compliance, then select Library.
  • Select the Compliance Standards tab and select the CIS standard.
  • Select the Oracle Database or RAC and click Associate Targets.
  • Click Add and select the targets the user wants to monitor. The targets appear in the table after the user closes the selector dialog.
  • Click OK then confirm that the user wants to save the association. The association internally deploys the necessary configuration extensions to the appropriate Management Agents.
  • After deployment and subsequent configuration collection occurs, the user can view the results. From the Enterprise menu, select Compliance, then select either Dashboard or Results.

A common tool for staying up to date with CIS compliance standards is the Qualys library of built-in policies. Using Qualys makes it easy to comply with the CIS security standards and regulations since it provides most that have been certified by CIS, as well as ones based on security guidelines from OS and application vendors and other industry best practices.


Most organizations use an automated CIS benchmark tool instead of manually implementing CIS benchmarks. Automating the soltuion makes it faster and easier to implement and maintain compliance with the CIS benchmarks, which would otherwise need to be done manually as well. Solutions typically include scanning functionality to quickly identify areas of non-compliance. By running scans regularly, an organization can prevent misconfigurations from creeping in.

An example of a CIS benchmark tool is a CIS made tool, CIS-CAT. The application compares the user’s system configuration to the benchmark “security standard” and produces a report with which the DBA can discover potential issues with the user’s computer’s security before they escalate into more severe problems.

Any user can download CIS-CAT via the CIS security website here. From there, the user can choose the benchmark they need from a list of all the available benchmark downloads. After downloading the file, the user unzips it and chooses the benchmark they want the Configuration Assessment Tool to scan for. A report on the application’s findings will generate after the scan is done.

What is Oracle 12c?

The Oracle Database 12c is a high-performance, enterprise-class database server. According to Oracle, this is “the first database designed for the Oracle cloud,” which is whereOracle 12c gets the ‘c’ in its name.

Part of the concept of Oracle Database 12c is to make it easier for an enterprise manager or DBA to transition to the Oracle cloud. The multitenant architecture is designed to simplify consolidation without requiring any changes to the applications. Consolidation is an important step toward cloud readiness. The pluggable databases create rapid provisioning and portability capabilities. This makes Oracle Database 12c well-suited to database-as-a-service and self-service provisioning. Oracle 12c is also highly adept at disaster recovery, and you can learn about the backup and recovery best practices in our detailed blog post.


Oracle Database 12c has introduced 500 new features to the database, most notably pluggable databases and multitenant architecture. Examples of these features include the following:

  • The Oracle Database 12c release features the Oracle Database 12c In-Memory, an optional add-on that provides in-memory capabilities.
    • The in-memory option makes Oracle Database 12c the first Oracle database to offer real-time analytics.
  • Oracle Database 12c implements a multitenant architecture, which enables the creation of pluggable databases (PDBs) in a multitenant container database (CDB).

Other features and capabilities comprise:

  • New additions and enhancements to improve Database Administration, RMAN, High Availability and Performance Tuning
  • Online migration of an active data file
  • Online table partition or sub-partition migration
  • Invisible column
  • Multiple indexes on the same column
  • DDL logging
  • Temporary undo in- and- outs
  • New backup user privilege
  • How to execute SQL statement in RMAN
  • Table level recovery in RMAN
  • Restricting PGA size

To learn more about how Solvaria DBAs can work with your Oracle database, read our Oracle migration case study or contact one of our expert DBAs via the form below.