Policy Regulatory Compliance Control

List of Key Vault regulatory compliance policies.

The Key Management regulatory compliance policy provides a list of OCI policies that secure services on OCI. Each row maps a NIST SP 800-53 control to the OCI control or configuration that addresses it, with a link to the relevant documentation.

| Domain | Control ID | Control Title | OCI Control/Approach | Key Links |
|---|---|---|---|---|
| Access Control | AC-4 | Information Flow Enforcement | OCI Network Firewall enabled | https://docs.oracle.com/iaas/Content/network-firewall/setting-up-network-firewall.htm |
| Access Control | AC-4 | Information Flow Enforcement | Enable OCI Private Endpoint | https://docs.oracle.com/iaas/Content/KeyManagement/Tasks/ekms_creating_ekms_private_endpoint.htm |
| Access Control | AC-17 | Remote Access | Enable OCI Private Endpoint | https://docs.oracle.com/iaas/Content/KeyManagement/Tasks/ekms_creating_ekms_private_endpoint.htm |
| Access Control | AC-17 (1) | Monitoring and Control | Enable OCI Private Endpoint | https://docs.oracle.com/iaas/Content/KeyManagement/Tasks/ekms_creating_ekms_private_endpoint.htm |
| Audit and Accountability | AU-6 (4) | Central Review and Analysis | Audit log retention set to 365 days. Enabled by default; no configuration required | https://docs.oracle.com/iaas/Content/Audit/Tasks/settingretentionperiod.htm |
| Audit and Accountability | AU-6 (5) | Integrated Analysis of Audit Records | Audit log retention set to 365 days. Enabled by default; no configuration required | https://docs.oracle.com/iaas/Content/Audit/Tasks/settingretentionperiod.htm |
| Audit and Accountability | AU-12 | Audit Record Generation | Audit log retention set to 365 days. Enabled by default; no configuration required | https://docs.oracle.com/iaas/Content/Audit/Tasks/settingretentionperiod.htm |
| Audit and Accountability | AU-12 (1) | System-wide and Time-correlated Audit Trail | Audit log retention set to 365 days. Enabled by default; no configuration required | https://docs.oracle.com/iaas/Content/Audit/Tasks/settingretentionperiod.htm |
| Contingency Planning | CP-9 | System Backup | Vault deletion protection is enabled. Enabled by default; no configuration required | https://www.oracle.com/security/cloud-security/key-management/faq/#recovery |
| Contingency Planning | CP-9 | System Backup | Vault soft delete is enabled. Enabled by default; no configuration required | https://docs.oracle.com/iaas/Content/KeyManagement/Tasks/managingkeys_topic-To_delete_a_key.htm |
| Identification and Authentication | IA-5 | Authenticator Management | OCI certificate expiration: certificates have a specified maximum validity period | https://docs.oracle.com/iaas/Content/certificates/creating-certificate.htm#creating_certificate |
| Identification and Authentication | IA-5 | Authenticator Management | Modify OCI IAM policy key/secret controls: assign access to keys to individuals or groups through vault policy | https://docs.oracle.com/iaas/Content/Identity/Concepts/commonpolicies.htm#sec-admins-manage-vaults-keys |
| Identification and Authentication | IA-5 | Authenticator Management | Modify OCI IAM policy key/secret controls: assign access to secrets to individuals or groups through vault policy | https://docs.oracle.com/iaas/Content/Identity/Concepts/commonpolicies.htm#sec-admins-manage-vaults-keys |
| System and Communications Protection | SC-7 | Boundary Protection | OCI Network Firewall should be enabled | https://docs.oracle.com/iaas/Content/network-firewall/policies.htm |
| System and Communications Protection | SC-7 | Boundary Protection | OCI Vault must use a Service Gateway | https://docs.oracle.com/iaas/compute-cloud-at-customer/topics/network/service-gateway.htm |
| System and Communications Protection | SC-7 (3) | Access Points | OCI Network Firewall must be enabled | https://docs.oracle.com/iaas/Content/network-firewall/setting-up-network-firewall.htm |
| System and Communications Protection | SC-7 (3) | Access Points | OCI Vault must use a Service Gateway | https://docs.oracle.com/iaas/compute-cloud-at-customer/topics/network/service-gateway.htm |