I reported the other day that the US Department of Defense (DoD) STIG had been released and that a link to it was available. David Aldridge informed us of this fact in my Oracle security forum
. The link to this 248 page paper is http://iase.disa.mil/stigs/stig/database-stig-v7r1.pdf
. I could not download the paper the other day as I was limited to an airport internet club and a German PC that refused to download PDF's so I did not get a chance to have a proper look at this paper until this evening. I just spent 20 minutes or so browsing though it. This is a substantial peice of work that covers Oracle, SQL Server and DB2 security. The paper include details specific to Windows and Unix and OS390 for Oracle.
This is well worth a good look by anyone and its good to know that the US government uses similar standards to what i have been advocating for some years now. It is also good that they have seen fit to release this document to the public. The Oracle section credits the book "Oracle Security Step By Step guide" that I wrote for SANS and also the CIS benchmark that is also based on the SANS book.
Great paper, thanks to the US DoD / DiSA for releasing it and making it available to everyone to use.