turbot/oci_compliance

Benchmark: CIS v2.0.0

To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.

Overview

This document, CIS Oracle Cloud Infrastructure Foundations Benchmark provides prescriptive guidance for establishing a secure baseline configuration for the Oracle Cloud Infrastructure environment. The scope of this benchmark is to establish a base level of security for anyone utilizing the included Oracle Cloud Infrastructure services. The benchmark is, however, not an exhaustive list of all possible security configurations and architecture. You should take the benchmark as a starting point and do the required sitespecific tailoring wherever needed and when it is prudent to do so. To obtain the latest version of this guide, please visit https://www.cisecurity.org/cisbenchmarks/. If you have questions, comments, or have identified ways to improve this guide, please write us at benchmarkinfo@cisecurity.org.

Profile Definitions

The following configuration profiles are defined by this Benchmark:

Level 1

Items in this profile are intend to:

  • be practical and prudent;
  • provide security focused best practice hardening of a technology; and
  • limit impact to the utility of the technology beyond acceptable means.

Level 2

This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:

  • are intended for environments or use cases where security is more critical than manageability and usability
  • acts as defense in depth measure
  • may impact the utility or performance of the technology
  • may include additional licensing, cost, or addition of third party software

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-oci-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select CIS v2.0.0.

Run this benchmark in your terminal:

powerpipe benchmark run oci_compliance.benchmark.cis_v200

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run oci_compliance.benchmark.cis_v200 --share

Benchmarks

Tags