Critical FedRamp Enhancements Needed by Oracle for ERP / HCM Cloud

Critical FedRamp Enhancements Needed by Oracle for ERP / HCM Cloud

in Blog Article by Jeff Hare

Oracle ERP / HCM Cloud is an evolving suite of applications. Most organizations considering implementing ERP/HCM Cloud probably believe the “foundation” of the applications is solid.  Unfortunately, that is still not the case.  We currently track over 200 enhancement requests that we and others have submitted.  There are some significant gaps for public and private organizations, especially those that need this highest level of security via Oracle’s FedRamp offering.

Big Wins with Big Rewards for Oracle Customers

We have logged about 90 enhancements related to security and controls. One of the most significant “wins” was the implementation of logging over the enabling and disabling of Audit Policies delivered by Oracle in release 21D. You can check out that “Idea” posted for both tracking of functional audit policies and tracking of Oracle Fusion applications audit policies. 

Still a Critical Need for Oracle FedRamp Customers

We recently revisited the outstanding gaps for a FedRamp customer and identified seven significant remaining gaps that are critical to CMMC requirements and FedRamp certification.  These still outstanding gaps revolve around the logging of key configurations and are relevant to all customers

The gaps are as follows: 

  • Updates/Deletes of Users 
  • Changes to Inactive Flag on Users 
  • Password Requirement Configuration 
  • User Groups / Categories 
  • Single Sign-On Configurations 
  • Role Delegations 
  • Password Notification Templates 

Discover True Highest-Level Security for Your Business

You can download a list of all seven gaps for Fedramp vs CMMC requirements with links to “vote” for them. Feel free to simply view them or vote for them – Oracle customers can use all the support possible for getting these enhancements implemented! 

If you are unaware of these gaps and are tasked with addressing your organization’s compliance, cyber security, data security, fraud, or operational controls, please consider setting up a meeting with us.  ERP Risk Advisors is the premier expert for ERP / HCM Cloud in the identification, management, and mitigation of risks.  We can help you “get clean” and “stay clean” with our highly trained, experienced, and credentialed US-based resources. 

Share this post:
ERPRA Become Our Partner

Please select your preferred datasheet and download it: