Solaris 11 X86 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • All manual editing of system-relevant files shall be done using the pfedit command, which logs changes made to the files.

    Editing a system file with common tools such as vi, emacs, or gedit does not allow the auditing of changes made by an operator. This reduces the capability of determining which operator made securi...
    Rule Low Severity
  • The operating system must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

    In the case of denial of service attacks, care must be taken when designing the operating system so as to ensure that the operating system makes the best use of system resources.
    Rule Medium Severity
  • The audit system must identify in which zone an event occurred.

    Tracking the specific Solaris zones in the audit trail reduces the time required to determine the cause of a security event.
    Rule Low Severity
  • The operating system must monitor for unauthorized connections of mobile devices to organizational information systems.

    Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., noteb...
    Rule Medium Severity
  • The audit system must alert the System Administrator (SA) if there is any type of audit failure.

    Proper alerts to system administrators and Information Assurance (IA) officials of audit failures ensure a timely response to critical system issues.
    Rule High Severity
  • The operating system must employ automated mechanisms, per organization-defined frequency, to detect the addition of unauthorized components/devices into the operating system.

    Addition of unauthorized code or packages may result in data corruption or theft.
    Rule Medium Severity
  • The operating system must disable information system functionality that provides the capability for automatic execution of code on mobile devices without user direction.

    Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., noteb...
    Rule Medium Severity
  • The operating system must employ cryptographic mechanisms to recognize changes to information during transmission unless otherwise protected by alternative physical measures.

    Ensuring that transmitted information is not altered during transmission requires the operating system take feasible measures to employ transmission layer security. This requirement applies to comm...
    Rule Medium Severity
  • The operating system must protect the confidentiality of transmitted information.

    Ensuring the confidentiality of transmitted information requires the operating system take feasible measures to employ transmission layer security. This requirement applies to communications across...
    Rule Medium Severity
  • The operating system must employ cryptographic mechanisms to protect information in storage.

    When data is written to digital media, such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and d...
    Rule Low Severity
