In the magical world that is the US Dept of Defence we use DISA's "Security Technical Implementation Guide" (STIG), against which standards DISA test using various scripts and whatnot.
Exceptions are made where justifiable.
So I made it back on the list, I have a question for you all about DB security. There seems to be a lot of talk about DB security, but not a lot of action. Is that true, and if it is true why don't customers act? There are products out there to check for DB security, how are they doing? Does any body on this list use them?
Please share your thoughts and comments,
-- Anjo Kolk Owner and Founder OraPerf Projects tel: +31-577-712000 mob: +31-6-55340888