Add Oracle Database Security Architect skill. First commit.

This commit is contained in:
Rodrigo Pace
2026-05-08 11:26:19 -03:00
commit 678f53801a
8 changed files with 380 additions and 0 deletions

View File

@@ -0,0 +1,40 @@
# Compliance Mapping
Use this language to map technical controls to audit objectives. Do not claim that a product alone makes an environment compliant.
## GDPR and LGPD
- Data minimization: Data Masking and Subsetting reduces personal data exposure in non-production and analytics environments.
- Security of processing: TDE, OKV, Database Vault, AVDF, Data Safe, and least privilege support confidentiality, integrity, monitoring, and accountability.
- Access governance: Database Vault separation of duties, user assessment, privilege review, and audit evidence support accountability.
- Breach investigation: AVDF/Data Safe audit trails, alerting, and SQL activity records support forensic review.
## PCI-DSS
- Protect stored cardholder data: TDE plus strong key management with OKV supports encryption at rest and key lifecycle requirements.
- Restrict access by need to know: Database Vault, least privilege, and optional Label Security or VPD patterns support access restriction.
- Track and monitor access: Unified Audit, AVDF, Data Safe auditing, Database Firewall, reports, and SIEM forwarding support monitoring requirements.
- Test security systems: PoC acceptance tests, firewall policy validation, key rotation tests, and audit report review provide evidence.
## HIPAA
- Access control: least privilege, Database Vault, and user assessment support access control safeguards.
- Audit controls: AVDF, Data Safe activity auditing, and unified audit policies support auditability.
- Integrity and transmission controls: pair database controls with application, network, and platform controls; database security does not replace TLS or application safeguards.
- Encryption: TDE and OKV support addressable encryption safeguards for data at rest.
## SOX
- Change and privileged access controls: Database Vault command rules, realms, AVDF monitoring, and audit reports support segregation of duties and privileged activity oversight.
- Evidence: scheduled reports, immutable audit storage practices, SIEM forwarding, and documented review workflows support control attestation.
- Data integrity: use database auditing, access controls, and controlled administrative procedures around financial reporting systems.
## Evidence Artifacts
- Architecture diagram with control ownership.
- List of protected schemas/tables/columns and data classification.
- TDE wallet or OKV key management policy.
- Database Vault realm, rule set, command rule, and factor inventory.
- Audit policies, retention settings, reports, and sample alerts.
- Masking definitions, subsetting criteria, and refresh procedure.
- Exceptions, residual risks, and compensating controls.