By Parnian Taidi-Oracle on Jan 12, 2016
In a recent blogs we talked about end-to-end security with Oracle Solaris 11, SPARC M7 and the ISV Ecosystem and one of the main elements: the built-in Solaris 11 compliance tools.
Organizations such as banks, hospitals, and governments have specialized compliance requirements. Auditors, who are unfamiliar with an operating system, can struggle to match security controls with requirements. Therefore, tools that map security controls to requirements can reduce time and costs by assisting auditors.
Oracle Solaris 11 lowers the cost and effort of compliance management by designing security features to easily meet worldwide compliance obligations; documenting and mapping technical security controls for common requirements like PCI-DSS to Oracle Solaris technologies. The simple-to-use tool Oracle Solaris compliance tool provides users with not only reporting but also simple instructions on how to mitigate any compliance test failure. It also provides compliance report templates.
Available since release 11.2, Oracle Solaris provides scripts that assess and report the compliance of Oracle Solaris to two security benchmarks:
- Oracle Solaris Security Benchmark and
- Payment Card Industry-Data Security Standard (PCI-DSS).
The new command, compliance (1M), is used to run system assessments against security/compliance benchmarks and to generate HTML reports from those assessments. The reports indicate which system tests failed and which passed, and they provide any corresponding remediation steps.
A new whitepaper introduces the compliance report on Oracle Solaris and provides information and best practices on how to assess and report the compliance of an Oracle Solaris system to security standards for SAP Installations. The procedure in this whitepaper was tested on an Oracle Solaris global zone, non-global zone, kernel zone, Oracle SuperCluster, Oracle Solaris Cluster, as well as various SAP Advanced Business Application Programming (ABAP) and Java releases with Oracle Database 11g and 12g. The document concludes with information on an additional new SAP benchmark for SAP applications with special security requirements. Read the whitepaper for details. There is also a related SAP note 2114056 "Solaris compliance tool for SAP installation" published (requires SAP login).