Oracle Cloud Infrastructure Documentation

Findings

Findings in the Security Assessment reports give recommendations to improve the security posture of the database and provide information for further analysis. Most findings consist of the following information:

  • Status: A status value can be High Risk, Medium Risk, Low Risk, Advisory (improve security posture by enabling more security features and technology), Evaluate (needs manual analysis), or Pass (no errors found). A High Risk finding might require immediate remedial action, whereas lower-risk findings might be fixed during a scheduled downtime, or bundled together with other maintenance activities. Use these values to help you prioritize and schedule changes.
  • Summary: This section presents a brief summary of the finding. When the finding is informational, the summary typically reports only the number of data elements that were examined.
  • Details: This section provides information to explain the finding summary, typically results from the assessed database, followed by any recommendations for changes.
  • Remarks: This section explains the reason for the rule and recommended actions for remediation. If a risk is reported, this section may also explain the recommended actions for remediation.
  • References: This section provides information on whether the finding is related to a Center for Internet Security (CIS) recommendation, a General Data Protection Regulation (GDPR) Article/Recital, or a Security Technical Implementation Guide (STIG) recommendation.