A Secure Turnover to Customer
To ensure security of systems delivered to our customers and to satisfy Oracle policies, all passwords must be owned by the customer once transfer of ownership of systems has occurred.
Secure Turnover Process
Three key requirements address the fundamental principles of the secure turnover process:
- Oracle passwords will not remain on fielded systems.
- Oracle passwords will not be revealed to customers.
- Customer passwords will not be known by Oracle.
Goals of the Secure Turnover Process
Following are the goals of the password handoff process:
- The Oracle installer sets passwords at the start of the installation process to unique values (passwords exclusively known and used by the Oracle installer, meeting the password complexity rules required by the system).
- Following installation, the customer sets all passwords to values known only by the customer.
Secure Turnover Procedure
Perform the following steps for secure system turnover:
- System servers are installed by Oracle personnel using common USB or tar file deliverables and installation procedures. The passwords set by the Oracle installer are known only to Oracle.
- Following installation, the Oracle installer and authorized customer agent log into each EAGLE and change the password to the authorized operational setting for the customer. The Oracle passwords must remain known only to Oracle, and the customer passwords must be known only by the customer.
- Following the entry of the new passwords by the customer agent, the Oracle installer attempts to log in to each server using the previously known password. This should result in a failed login attempt verifiable in the server logs.
- The customer agent again logs in to each account using the new customer passwords to verify success with the new customer passwords.