| 💼 1 Identity and Access Management | 17 | 1 | 4 | | no data |
|  💼 1.1 Ensure service level admins are created to manage resources of particular services - Level 1 (Manual) | | | | | no data |
|  💼 1.2 Ensure permissions on all resources are given only to the tenancy administrator group - Level 1 (Automated) | | | | | no data |
|  💼 1.3 Ensure IAM administrators cannot update tenancy Administrators group - Level 1 (Automated) | | | | | no data |
|  💼 1.4 Ensure IAM password policy requires minimum length of 14 or greater - Level 1 (Automated) | | | | | no data |
|  💼 1.5 Ensure IAM password policy expires passwords within 365 days - Level 1 (Manual) | | | | | no data |
|  💼 1.6 Ensure IAM password policy prevents password reuse - Level 1 (Manual) | | | | | no data |
|  💼 1.7 Ensure MFA is enabled for all users with a console password - Level 1 (Automated) | | 1 | 1 | | no data |
|  💼 1.8 Ensure user API keys rotate within 90 days - Level 1 (Automated) | | | 1 | | no data |
|  💼 1.9 Ensure user customer secret keys rotate every 90 days - Level 1 (Automated) | | | | | no data |
|  💼 1.10 Ensure user auth tokens rotate within 90 days or less - Level 1 (Automated) | | | | | no data |
|  💼 1.11 Ensure user IAM Database Passwords rotate within 90 days - Level 1 (Manual) | | | | | no data |
|  💼 1.12 Ensure API keys are not created for tenancy administrator users - Level 1 (Automated) | | | 1 | | no data |
|  💼 1.13 Ensure all OCI IAM local user accounts have a valid and current email address (Manual) | | | | | no data |
|  💼 1.14 Ensure Instance Principal authentication is used for OCI instances, OCI Cloud Databases and OCI Functions to make API calls - Level 1 (Manual) | | | | | no data |
|  💼 1.15 Ensure storage service-level admins cannot delete resources they manage. - Level 1 (Manual) | | | | | no data |
|  💼 1.16 Ensure OCI IAM credentials unused for 45 days or more are disabled (Automated) | | | | | no data |
|  💼 1.17 Ensure there is only one active API Key for any single OCI IAM user (Automated) | | | 1 | | no data |
| 💼 2 Networking | 8 | 5 | 5 | | no data |
|  💼 2.1 Ensure no security lists allow ingress from 0.0.0.0/0 to port 22 - Level 1 (Automated) | | 1 | 1 | | no data |
|  💼 2.2 Ensure no security lists allow ingress from 0.0.0.0/0 to port 3389 - Level 1 (Automated) | | 1 | 1 | | no data |
|  💼 2.3 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 22 - Level 1 (Automated) | | 1 | 1 | | no data |
|  💼 2.4 Ensure no network security groups allow ingress from 0.0.0.0/0 to port 3389 - Level 1 (Automated) | | 1 | 1 | | no data |
|  💼 2.5 Ensure the default security list of every VCN restricts all traffic except ICMP within VCN - Level 1 (Automated) | | 1 | 1 | | no data |
|  💼 2.6 Ensure Oracle Integration Cloud (OIC) access is restricted to allowed sources. - Level 1 (Manual) | | | | | no data |
|  💼 2.7 Ensure Oracle Analytics Cloud (OAC) access is restricted to allowed sources - Level 1 (Manual) | | | | | no data |
|  💼 2.8 Ensure Oracle Autonomous Shared Databases (ADB) access is restricted to allowed sources - Level 1 (Manual) | | | | | no data |
| 💼 3 Compute | 3 | | 3 | | no data |
|  💼 3.1 Ensure Compute Instance Legacy Metadata service endpoint is disabled - Level 2 (Automated) | | | 1 | | no data |
|  💼 3.2 Ensure Secure Boot is enabled on Compute Instance - Level 2 (Automated) | | | 1 | | no data |
|  💼 3.3 Ensure In-transit Encryption is enabled on Compute Instance - Level 1 (Automated) | | | 1 | | no data |
| 💼 4 Logging and Monitoring | 18 | 1 | 2 | | no data |
|  💼 4.1 Ensure default tags are used on resources - Level 1 (Automated) | | | 1 | | no data |
|  💼 4.2 Create at least one notification topic and subscription to receive monitoring alerts - Level 1 (Automated) | | | | | no data |
|  💼 4.3 Ensure a notification is configured for Identity Provider changes - Level 1 (Automated) | | | | | no data |
|  💼 4.4 Ensure a notification is configured for IdP group mapping changes - Level 1 (Automated) | | | | | no data |
|  💼 4.5 Ensure a notification is configured for IAM group changes - Level 1 (Automated) | | | | | no data |
|  💼 4.6 Ensure a notification is configured for IAM policy changes - Level 1 (Automated) | | | | | no data |
|  💼 4.7 Ensure a notification is configured for user changes - Level 1 (Automated) | | | | | no data |
|  💼 4.8 Ensure a notification is configured for VCN changes - Level 1 (Automated) | | | | | no data |
|  💼 4.9 Ensure a notification is configured for changes to route tables - Level 1 (Automated) | | | | | no data |
|  💼 4.10 Ensure a notification is configured for security list changes - Level 1 (Automated) | | | | | no data |
|  💼 4.11 Ensure a notification is configured for network security group changes - Level 1 (Automated) | | | | | no data |
|  💼 4.12 Ensure a notification is configured for changes to network gateways - Level 1 (Automated) | | | | | no data |
|  💼 4.13 Ensure VCN flow logging is enabled for all subnets - Level 2 (Automated) | | | | | no data |
|  💼 4.14 Ensure Cloud Guard is enabled in the root compartment of the tenancy - Level 1 (Automated) | | 1 | 1 | | no data |
|  💼 4.15 Ensure a notification is configured for Oracle Cloud Guard problems detected - Level 1 (Automated) | | | | | no data |
|  💼 4.16 Ensure customer created Customer Managed Key (CMK) is rotated at least annually - Level 1 (Automated) | | | | | no data |
|  💼 4.17 Ensure write level Object Storage logging is enabled for all buckets - Level 2 (Automated) | | | | | no data |
|  💼 4.18 Ensure a notification is configured for Local OCI User Authentication (Automated) | | | | | no data |
| 💼 5 Storage | 3 | 4 | 5 | | no data |
|  💼 5.1 Object Storage | 3 | 3 | 3 | | no data |
|   💼 5.1.1 Ensure no Object Storage buckets are publicly visible. - Level 1 (Automated) | | 1 | 1 | | no data |
|   💼 5.1.2 Ensure Object Storage Buckets are encrypted with a Customer Managed Key (CMK). - Level 2 (Automated) | | 1 | 1 | | no data |
|   💼 5.1.3 Ensure Versioning is Enabled for Object Storage Buckets - Level 2 (Automated) | | 1 | 1 | | no data |
|  💼 5.2 Block Volumes | 2 | 1 | 2 | | no data |
|   💼 5.2.1 Ensure Block Volumes are encrypted with Customer Managed Keys (CMK). - Level 2 (Automated) | | 1 | 1 | | no data |
|   💼 5.2.2 Ensure boot volumes are encrypted with Customer Managed Key (CMK). - Level 2 (Automated) | | | 1 | | no data |
|  💼 5.3 File Storage Service | 1 | | | | no data |
|   💼 5.3.1 Ensure File Storage Systems are encrypted with Customer Managed Keys (CMK) - Level 2 (Automated) | | | | | no data |
| 💼 6 Asset Management | 2 | | 2 | | no data |
|  💼 6.1 Create at least one compartment in your tenancy to store cloud resources - Level 1 (Automated) | | | 1 | | no data |
|  💼 6.2 Ensure no resources are created in the root compartment - Level 1 (Automated) | | | 1 | | no data |