By gbrunett on Feb 15, 2006
On Tuesday, Sun issued a press release titled, "Sun Announces Plan for Trusted Extensions for Solaris 10, the Most Secure Operating System on the Planet". Hidden somewhat discretely within this release (for reasons not entirely clear to me) was the following:
Support for CIS Benchmark Sun has also extended support services for Solaris 10 OS deployments that adhere to the Center for Internet Security (CIS) Benchmark. Named "best benchmarking effort" by Information Security Magazine, CIS Benchmarks are developed through a global consensus process involving hundreds of security professionals to determine best-practice security configurations. The CIS Level-I Benchmark for the Solaris 10 OS is a compilation of security configuration actions and settings introduced in March 2005. As a result of a close partnership between Sun and the members of CIS, Solaris 10 Service Plan customers who now implement the CIS security recommendations will have Sun support for their resulting configurations. Complementing Sun's freely available Solaris Security Toolkit, CIS will also introduce a Scoring Tool for the Solaris 10 OS later this month, giving users a quick and easy way to evaluate systems and compare their security configuration against the CIS Benchmark criteria.
This is actually quite an important announcement!
A number of us have been working with the Center for Internet Security, or CIS, for years in an effort to promote more consistent and complete Solaris security recommendations and to better align their Solaris Security Benchmarks with our recommendations. In fact, the CIS Solaris 10 Security Benchark represents the highest level of collaboration and sharing to date. Together, we were able to develop and publish the updated Benchmark document before the GA of Solaris 10 (last year).
This announcement takes our relationship one step further by ensuring customers who implement the Solaris 10 Security Benchmark from CIS can receive support from Sun (under the Solaris 10 Service Plan). This is the first time that Sun has publically announced support for Solaris security recommendations (other than those documented in the Sun BluePrints program). Certainly this is a natural step that stems from our work over the last few years.
I believe that this is another great example of collaboration between vendors (Sun in this case) and members of academia, industry and government. We have all come together for the sole purpose of developing and sharing recommended security practices. By working together in this fashion, we have been able to generate more complete, consistent and supportable advice that will benefit Solaris users and administrators around the world.
This is participation and sharing in action!