We are a red hat 7 shop running Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit.
> uname -a
Linux ba-prod-db 3.10.0-1062.9.1.el7.x86_64 #1 SMP Mon Dec 2 08:31:54 EST 2019 x86_64 x86_64 x86_64 GNU/Linux
> cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.7 (Maipo)
> sysctl crypto.fips_enabled
crypto.fips_enabled = 1
Database STIGs require FIPS be on in the database. They basically say put SSLFIPS_140=TRUE in a fips.ora. But I cannot find any discussions on best practices.
What is the guidance on enabling FIPS in the database when it is enabled in the OS? Are they in conjunction with each other? Compatible? One or the other?
I'm looking for direction instead of blindly turning things on without understanding.