Oracle ERP / HCM Cloud is an evolving suite of applications. Most organizations that consider implementing an ERP/HCM Cloud likely believe the “foundation” of the applications are solid.  Unfortunately, that is not the case.  We currently track over 200 enhancement requests that we, and others, have submitted.  However, there are some significant gaps for public and private organizations, especially those that need this highest level of security via Oracle’s FedRamp offering.

Big Wins with Big Rewards for Oracle Customers

Because security is a top priority, we have logged roughly 90 enhancements to improve the FedRamp. One of the most significant “wins” was the implementation of logging for enabling and disabling Audit Policies delivered by Oracle in release 21D. You can check out that “Idea” posted for both tracking of functional audit policies and tracking of Oracle Fusion applications audit policies. 

Still a Critical Need for Oracle FedRamp Customers

After a recent review for a FedRamp customer, we identified seven significant gaps that impact compliance with CMMC requirements and FedRamp certification. These gaps affect key security configurations and remain a challenge for all Oracle ERP/HCM Cloud users.

The gaps are as follows: 

• Updates/Deletions of Users 

• Changes to Inactive Flag on Users 

• Password Requirement Configuration 

• User Groups / Categories 

• Single Sign-On Configurations 

• Role Delegations 

• Password Notification Templates 

Discover True Highest-Level Security for Your Business

We’ve compiled a detailed list of these seven security gaps, along with links for Oracle customers to vote for these critical enhancements. You can view and support these requests by accessing the list here:

Seven gaps for FedRamp vs CMMC requirements

Feel free to simply view them or vote for them – Oracle customers can use all the support possible for getting these enhancements implemented! 

If you are unaware of these gaps and are tasked with addressing your organization’s compliance, cyber security, data security, fraud, or operational controls, please consider setting up a meeting with us.  ERP Risk Advisors is the premier expert for ERP / HCM Cloud in the identification, management, and mitigation of risks.  We can help you “get clean” and “stay clean” with our highly trained, experienced, and credentialed US-based resources.