🛡️ Oracle Tenancy default CreatedBy and CreatedOn tags are not configured🟢

• Contextual name: 🛡️ Tenancy default CreatedBy and CreatedOn tags are not configured🟢
• ID: /ce/ca/oracle/tenancy/default-createdby-and-createdon-tags
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: SECURITY

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 Oracle Tenancy
  • 🔌 Oracle Resource - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

This policy identifies Oracle Tenancies that do not have both required root-level default tags named CreatedBy and CreatedOn. In OCI, default tags configured at the tenancy root compartment are inherited by child compartments and help ensure supported resources receive baseline creation metadata during provisioning.

Rationale

Default tags support consistent resource governance across the tenancy. Applying baseline creator and creation-time metadata at provisioning time improves accountability, operational traceability, inventory hygiene, and downstream reporting.

Configuring these defaults at the tenancy root compartment is the broadest and most maintainable approach because child compartments inherit the setting. This reduces reliance on manual tagging practices and helps establish a consistent tagging baseline across environments and teams.

When the required root-level default tags are missing, supported resources may be created without standard attribution metadata. That weakens governance controls and makes it harder to investigate ownership, review provisioning activity, and apply consistent operational processes.

... see more

Remediation

Open File

Remediation

Configure Root-Level Default Tags for CreatedBy and CreatedOn

Create root-level default tags named CreatedBy and CreatedOn in the tenancy root compartment so supported OCI resources inherit baseline creation metadata during provisioning.

From Oracle Cloud Console

1. Log in to the OCI Console.
2. From the navigation menu, select Governance & Administration.
3. Under Tenancy Management, select Tag Namespaces.
4. Under Compartment, select the root compartment.
5. If no tag namespace exists, click Create Tag Namespace, enter a name and description, and click Create Tag Namespace.
6. Click the name of the tag namespace that will hold the required tag keys.
7. Click Create Tag Key Definition.
8. Enter the tag key name CreatedBy, add a description, and click Create Tag Key Definition.
9. Repeat the previous two steps to create the CreatedOn tag key definition.
10. From the navigation menu, select Identity & Security.
11. Under Identity, select Compartments.
12. Click the name of the root compartment.

... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Oracle v3.1.0 → 💼 4.1 Ensure default tags are used on resources - Level 1 (Automated)			1		no data
💼 Cloudaware Framework → 💼 System Configuration			61		no data