DoD uses Solaris Security Toolkit

If you are a part of the US DoD you may remember my earlier blog entry (July 2007) in which I posted customizations to the Solaris Security Toolkit designed to help secure a computer in compliance with DISA Security Guidelines.  Although I haven't done any additional work since that time, Aaron Lippold of DISA took my work and extended it to increase compliance and updated it to more recent versions of DISA STIGs.

Aaron recently notified me that his modifications have now been posted on Forge.mil.

Forge.mil is a family of services provided to support the DoD's technology development community. The system currently enables the collaborative development and use of open source and DoD community source software. These initial software development capabilities are growing to support the full system life-cycle and enable continuous collaboration among all stakeholders including developers, testers, certifiers, operators, and users.

This is great news because it provides a way for the DoD community to collaborate to make the tool better for everyone. If you are a DoD employee or contractor with a Common Access Card (CAC) you can access this project at https://software.forge.mil/sf/projects/dodsst/.

Join the community, download the tools, contribute changes and make your life generally better by using the Toolkit and DoDSST project to secure your Solaris 10 environment more quickly and in an automated, more reproducible fashion.

I'd like to thank Aaron for the hard work he has done and for his initiative in creating this project for the good of the US Government.

Comments:

Hi Jim, is there any place where I can find the procedure and software to CAC-enable Solaris 10 x86 machines, please?

We are trying to comply with the 2-Factor authentication requirement for JITC Certification.

thanks

Immanuel

Posted by Immanuel on March 20, 2013 at 12:28 PM EDT #

Enabling Solaris to support CAC PKI authentication generally requires software from a security vendor such as ActivIdentity along with their recommended CAC card reader. I have no standard method for doing this.

Posted by Jim Laurent on March 21, 2013 at 03:52 PM EDT #

This effort seems to have disappeared from the earth.

How is the government managing NIST/DISA/800-53/A123/etc controls?

Posted by Bill on June 17, 2013 at 07:33 PM EDT #

Bill,

With regard to NIST 800-53 controls, DISA has created an OS Security Resource Guide defining actions that an operating system should perform. New DISA STIGs are being written which implement and conform to the SRG. I'm personally working on the Solaris 11 STIG based on the OS SRG. It is a slow and painful process but is moving forward.

Posted by Jim Laurent on June 18, 2013 at 09:24 AM EDT #

I'm glad to hear there's hope. I guess I'm stuck with CIS-based manual hardening until then.

Thanks!

Posted by Bill on June 21, 2013 at 02:00 AM EDT #

About

Jim Laurent is an Oracle Sales consultant based in Reston, Virginia. He supports US DoD customers as part of the North American Public Sector hardware organization. With over 17 years experience at Sun and Oracle, he specializes in Solaris and server technologies. Prior to Oracle, Jim worked 11 years for Gould Computer Systems (later known as Encore).
