Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Some news items about the SANS TOP-20 release"] [Next entry: "Happy 20th birthday Windows"]

A DoD Security Guidelines document for databases

Today David Aldridge has posted on my Oracle security forum in a thread titled "DoD Security Guidelines for Databases" to let us all know that (Davids words)

"the DoD/DISA "Security Technical Implementation Guide" (STIG) is available as a pdf download and covers security for Oracle, DB2 and SQL Server.

It's pretty comprehensive and ought to be a reasonable reference for those starting out with database security."

The document is available from

I have not been able to download it myself yet as I am stuck in an internet club at Munich airport waiting for check-in to open for my flight home. If anyone has any useful comments on it I would be glad to hear in the forum thread above. Thanks again David for letting us know.