Query: manual_control
Usage
powerpipe query oci_compliance.query.manual_control
Steampipe Tables
SQL
select
  id as resource,
  'info' as status,
  'Manual verification required.' as reason,
  name
from
  oci_identity_tenancy;
Controls
This query is used by the following controls:
- 1.1 Ensure service level admins are created to manage resources of particular service
- 3.17 Ensure write level Object Storage logging is enabled for all buckets
- 5.2 Ensure no resources are created in the root compartment
- 1.1 Ensure service level admins are created to manage resources of particular service
- 1.13 Ensure Dynamic Groups are used for OCI instances, OCI Cloud Databases and OCI Function to access OCI resources
- 1.14 Ensure storage service-level admins cannot delete resources they manage
- 1.5 Ensure IAM password policy expires passwords within 365 days
- 1.6 Ensure IAM password policy prevents password reuse
- 2.6 Ensure Oracle Integration Cloud (OIC) access is restricted to allowed sources
- 2.7 Ensure Oracle Analytics Cloud (OAC) access is restricted to allowed sources or deployed within a Virtual Cloud Network
- 3.17 Ensure write level Object Storage logging is enabled for all buckets
- 5.2 Ensure no resources are created in the root compartment
- 1.1 Ensure service level admins are created to manage resources of particular service
- 1.14 Ensure Instance Principal authentication is used for OCI instances, OCI Cloud Databases and OCI Functions to access OCI resources
- 1.15 Ensure storage service-level admins cannot delete resources they manage
- 1.5 Ensure IAM password policy expires passwords within 365 days
- 1.6 Ensure IAM password policy prevents password reuse
- 2.6 Ensure Oracle Integration Cloud (OIC) access is restricted to allowed sources
- 2.7 Ensure Oracle Analytics Cloud (OAC) access is restricted to allowed sources or deployed within a Virtual Cloud Network
- 4.17 Ensure write level Object Storage logging is enabled for all buckets
- 6.2 Ensure no resources are created in the root compartment