Solaris 11 compliance with DISA Security guidance
By user12611852 on Dec 01, 2011
This article should not be construed as a statement of compliance by Oracle or by DISA. It is simply the result of a casual review of Solaris 11 against current DISA Security Guidelines
Some of my dedicated readers (I know you're out there) remember that back in Janauary of this year, I reviewed Solaris 11 for compliance to the DISA Security Technical Implementation Guidelines (STIGs). The STIGs are written by DISA and used by the DoD community to ensure that systems are secured properly before connecting to the network.
With the release of Solaris 11 in November, I decided to update the document.
Update: Thanks to Darren Moffat's comments I've updated the document as of 12/9/11.
Download the PDF document to review
The great news is that the one item that I listed as RED in January has been fixed in the release of Solaris 11. At that time, the installation scripts did not provide any way for /var to be mounted as a separate file systems as required by the scripts. The default installation now automatically sets of /var as a separate ZFS data set.