πŸ›‘οΈ Oracle Storage Bucket versioning is disabled🟒

  • Contextual name: 🛡️ Storage bucket versioning is disabled🟢
  • ID: /ce/ca/oracle/bucket/bucket-versioning
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: SECURITY, RELIABILITY

Logic​

Similar Policies​

  • Internal: dec-x-56689c50

Similar Internal Rules​

Rule | Policies | Flags
✉️ dec-x-56689c50 | 1 |

Description​

This policy identifies Oracle Storage Buckets that do not have object versioning enabled.

Object versioning is a bucket-level data protection feature in OCI Object Storage. When versioning is enabled, Object Storage keeps previous versions of objects after overwrite and delete operations, allowing authorized users to recover earlier versions when data is changed accidentally or maliciously.

Rationale​

Object Storage buckets can contain business-critical data, application artifacts, logs, and backups. Without object versioning, an overwrite or delete operation can permanently remove the previous object state, reducing recovery options during operational mistakes, application defects, or destructive activity.

Enable versioning for buckets that store important data so previous object versions remain available for recovery and investigation.

Impact​

Enabling object versioning increases storage usage because previous object versions are retained until explicitly deleted or removed by lifecycle policy. Review lifecycle management requirements and retention expectations before enabling versioning on buckets with high object churn.

Remediation​

Enable Object Versioning for the Bucket​

Enable object versioning for each affected Oracle Storage Bucket. If versioning is currently suspended, reactivate it so new object writes and deletes create recoverable object versions.

Because previous versions consume storage until they are deleted, configure Object Lifecycle Management if older object versions should expire automatically after an approved retention period.

From Oracle Cloud Console

  1. Open the OCI Console.
  2. Go to Storage > Object Storage & Archive Storage > Buckets.
  3. Select the compartment that contains the affected bucket.
  4. Open the affected bucket.
  5. Open the bucket edit or settings page.
  6. Set Object Versioning to Enabled.
  7. Save the change.

From OCI CLI

For each affected bucket, run:

oci os bucket update \
--namespace-name "{{namespace-name}}" \
--bucket-name "{{bucket-name}}" \
--versioning "Enabled"

After remediation, verify that versioning is enabled:

oci os bucket get \
--namespace-name "{{namespace-name}}" \
--bucket-name "{{bucket-name}}"

... [see more](remediation.md)
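
The check and remediation described above, applied to the JSON that `oci os bucket get` returns, as an added example (not Cloudaware's policy logic and not code from this page). The sample responses and bucket names are constructed, and reading a null `object-lifecycle-policy-etag` as "no lifecycle policy attached" is an assumption.

```python
import json
import shlex

# Constructed sample: three `oci os bucket get` responses (not real tenancy data).
SAMPLE_RESPONSES = [
    '{"data": {"namespace": "examplens", "name": "app-logs", "versioning": "Enabled", "object-lifecycle-policy-etag": null}}',
    '{"data": {"namespace": "examplens", "name": "db-backups", "versioning": "Suspended", "object-lifecycle-policy-etag": "etag-placeholder"}}',
    '{"data": {"namespace": "examplens", "name": "artifacts", "versioning": "Disabled", "object-lifecycle-policy-etag": null}}',
]


def evaluate_bucket(raw_json):
    """Classify one `oci os bucket get` response against the versioning policy."""
    bucket = json.loads(raw_json)["data"]
    # A missing field is treated as non-compliant rather than silently passing.
    state = bucket.get("versioning") or "Unknown"
    finding = {
        "bucket": bucket["name"],
        "versioning": state,
        "compliant": state == "Enabled",  # Suspended and Disabled both fail
        "remediation": None,
        "notes": [],
    }
    if not finding["compliant"]:
        # Same command as the remediation section; shlex.quote keeps an
        # unexpected character in a name from altering the shell command.
        finding["remediation"] = " ".join([
            "oci os bucket update",
            "--namespace-name", shlex.quote(bucket["namespace"]),
            "--bucket-name", shlex.quote(bucket["name"]),
            "--versioning Enabled",
        ])
    # Assumption: a null lifecycle etag means no lifecycle policy is attached,
    # so previous versions are kept until someone deletes them explicitly.
    if not bucket.get("object-lifecycle-policy-etag"):
        finding["notes"].append("no lifecycle policy: old versions never expire")
    return finding


def audit(responses):
    """Return findings for every bucket that fails the policy."""
    return [f for f in map(evaluate_bucket, responses) if not f["compliant"]]


if __name__ == "__main__":
    for f in audit(SAMPLE_RESPONSES):
        print(f["bucket"], f["versioning"], "->", f["remediation"], f["notes"])
```
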

policy.yaml​

Linked Framework Sections​

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 CIS Oracle v3.1.0 → 💼 5.1.3 Ensure Versioning is Enabled for Object Storage Buckets - Level 2 (Automated) | 11 | no data
💼 Cloudaware Framework → 💼 Data Protection and Recovery | 25 | no data
💼 Cloudaware Framework → 💼 System Configuration | 61 | no data
💼 ISO/IEC 27001:2013 → 💼 A.12.3.1 Information backup | 12 | no data
💼 NIST CSF v1.1 → 💼 PR.IP-4: Backups of information are conducted, maintained, and tested | 510 | no data
💼 NIST CSF v1.1 → 💼 PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed | 45 | no data
💼 NIST CSF v1.1 → 💼 PR.IP-10: Response and recovery plans are tested | 22 | no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties | 62 | no data
💼 NIST CSF v2.0 → 💼 ID.IM-04: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved | 5 | no data
💼 NIST CSF v2.0 → 💼 PR.DS-11: Backups of data are created, protected, maintained, and tested | 18 | no data