OCI-021 Oracle Cloud Infrastructure (OCI)

Compartment structure and IAM boundaries isolate workloads.

Compartment structure and IAM boundaries isolate workloads.

Domain
Oracle Cloud Infrastructure (OCI)
Area
Governance
Automated / manual
Manual

Risk if it fails

Flat structure = no blast-radius control.

If everything sits in one compartment with broad policies, compromising one workload exposes them all; good separation contains a breach to one area.

How Tess tests it

1 test — each concludes only on cited evidence.

Compartment structure and IAM boundaries isolate workloads.

Manual
Procedure
Review compartment hierarchy and policy scoping.

Read-only command 

oci iam compartment list --compartment-id <tenancy-ocid> --all --compartment-id-in-subtree true (then review)

More in Oracle Cloud Infrastructure (OCI)

OCI-001 MFA is enforced for all IAM users, especially administrators. OCI-002 Customer secret keys / API keys are rotated regularly (<=90 days). OCI-003 A strong password policy is configured. OCI-004 Membership of the Administrators group is minimal.

Want Tess to test OCI-021 against your evidence?

Book a demo