OCI-012 Oracle Cloud Infrastructure (OCI)

Default security list of each VCN restricts traffic.

Default security list of each VCN restricts traffic.

Domain
Oracle Cloud Infrastructure (OCI)
Area
Networking
Automated / manual
Manual

Risk if it fails

Defaults often left permissive.

Resources placed in the default list inherit whatever it allows; if that is wide open, they are silently exposed without anyone intending it.

How Tess tests it

1 test — each concludes only on cited evidence.

Default security list of each VCN restricts traffic.

Manual
Procedure
Review default security list ingress rules.

Read-only command 

Manual — review each VCN's default security list and confirm no broad 0.0.0.0/0 ingress.

More in Oracle Cloud Infrastructure (OCI)

OCI-001 MFA is enforced for all IAM users, especially administrators. OCI-002 Customer secret keys / API keys are rotated regularly (<=90 days). OCI-003 A strong password policy is configured. OCI-004 Membership of the Administrators group is minimal.

Want Tess to test OCI-012 against your evidence?

Book a demo