By Larry Wake on May 10, 2013
First off, we have a new paper on achieving compliance with security standards using Oracle Solaris 11:
This paper specifically takes a look at how customers can use Oracle Solaris 11's extensive security features to comply with Payment Card Industry (PCI) security practices--as you can imagine, customers who need to deal with this want to make sure it's done right. However, the practices it covers are applicable to most any sort of regulatory standards, including SOX, HIPAA, and whatever else your particular auditors might throw your way. This paper was put together by Oracle Solaris engineering in conjunction with a PCI auditor. If you have any feedback on this, be sure to add a comment below; I'll make sure the right people see it.
Meanwhile, Oracle Solaris security expert Glenn Faden, aka "Trusted Blogger," has come out with several new posts. A couple in particular are based on requests for an explanation of the differences between the security models in Oracle Solaris and other environments such as AppArmor and SELinux.
- Oracle Solaris Extended Policy and MySQL, as the name implies, describes how to install software with fine-grained policy granularity.
- Permissive and Restricted Policies explains Oracle Solaris privileges and the nomenclature surrounding them, and how that compares and contrasts with Linux capabilities.