CIS Solaris 10 Security Benchmark Support

On Tuesday, Sun issued a press release titled, "Sun Announces Plan for Trusted Extensions for Solaris 10, the Most Secure Operating System on the Planet". Hidden somewhat discretely within this release (for reasons not entirely clear to me) was the following:

Support for CIS Benchmark

Sun has also extended support services for Solaris 10 OS deployments that adhere
to the Center for Internet Security (CIS) Benchmark. Named "best benchmarking 
effort" by Information Security Magazine, CIS Benchmarks are developed through 
a global consensus process involving hundreds of security professionals to 
determine best-practice security configurations. The CIS Level-I Benchmark for
the Solaris 10 OS is a compilation of security configuration actions and settings
introduced in March 2005. As a result of a close partnership between Sun and the
members of CIS, Solaris 10 Service Plan customers who now implement the CIS
security recommendations will have Sun support for their resulting configurations.
Complementing Sun's freely available Solaris Security Toolkit, CIS will also
introduce a Scoring Tool for the Solaris 10 OS later this month, giving users a
quick and easy way to evaluate systems and compare their security configuration
against the CIS Benchmark criteria. 

This is actually quite an important announcement!

A number of us have been working with the Center for Internet Security, or CIS, for years in an effort to promote more consistent and complete Solaris security recommendations and to better align their Solaris Security Benchmarks with our recommendations. In fact, the CIS Solaris 10 Security Benchark represents the highest level of collaboration and sharing to date. Together, we were able to develop and publish the updated Benchmark document before the GA of Solaris 10 (last year).

This announcement takes our relationship one step further by ensuring customers who implement the Solaris 10 Security Benchmark from CIS can receive support from Sun (under the Solaris 10 Service Plan). This is the first time that Sun has publically announced support for Solaris security recommendations (other than those documented in the Sun BluePrints program). Certainly this is a natural step that stems from our work over the last few years.

I believe that this is another great example of collaboration between vendors (Sun in this case) and members of academia, industry and government. We have all come together for the sole purpose of developing and sharing recommended security practices. By working together in this fashion, we have been able to generate more complete, consistent and supportable advice that will benefit Solaris users and administrators around the world.

This is participation and sharing in action!

Technorati Tag:

Comments:

Post a Comment:
Comments are closed for this entry.
About

gbrunett

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today