IBM BigFix Compliance
Updated Security Configuration Management (SCM) DISA STIG Checklist for Solaris 11
Solaris 11 SPARC Manual STIG, V1, R8
- IBM is pleased to announce the availability of an updated Security Configuration Management (SCM) checklist for IBM BigFix Compliance. The checklist is based on DISA STIG Solaris 11, V1, R8
- This checklist contains a number of checks to evaluate the security configurations of your Solaris 11 endpoints based on the STIG. Both analysis and and remediation checks are included.
- Some of the checks allow you to use the parameterized setting to enable customization for compliance evaluation. Note that parameterization and remediation actions require the creation of a custom site.
DISA STIG Checklist for Solaris 11, site version 3
*The site version is provided for air-gap customers.
- SOL-11.1-010400 Check that p_minfree is not equal to 2 or greater.
- SOL-11.1-020140 Check for service /service/network/tftp.
- SOL-11.1-020160 Check for service /service/network/uucp.
- SOL-11.1-040030 Check for minimum days less than 1.
- SOL-11.1-040170 Allow for less than or equal time intervals.
- SOL-11.1-050090 The check is slightly different if OS level is > 5.11.1.
- SOL-11.1-050470 This check now does more detailed analysis of the
- settings, please see the documentation for details.
- SOL-11.1-070080 Users gdm and upnp only excluded if no gui installed.
- SOL-11.1-070090 No longer excludes the following users: nobody,
- noaccess, aiuser, nobody4. Remediation has been removed since by
- default the home directory for these users is / and you would end up
- with one of them owning it unless you give those users their own home
- SOL-11.1-070130 Added ikeuser to SYSTEM_ACCOUNTS in params file.
- SOL-11.1-080040 Coreadm may now allow logging to be enabled.
- SOL-11.1-100020 If the output of zonecfg has a setting for limitpriv and
- it is not "default" then that is a finding.
Actions to Take:
If you have not subscribed to the site above, you can use the License Overview dashboard to enable and gather the site. Note that you must be entitled to the new content and you are using IBM BigFix version 9.2 and later.
To know more about IBM BigFix Compliance SCM checklists, please see
We hope you find this latest release of SCM content useful and effective. Thank you!
-- The IBM BigFix Compliance team