DISA STIG Solaris 11 X86 v2r10

Audit Details

Name: DISA STIG Solaris 11 X86 v2r10

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 218

File Details

Filename: DISA_STIG_Solaris_11_v2r10.audit

Size: 588 kB

MD5: f8910044d1c4e26924fa3a1c8ed0536f
SHA256: b629f596da3fb62a4c844dc90c91abd03b39fbfa036d867235c66b903decf8fc

Audit Items

DescriptionCategories
DISA_STIG_Solaris_11_v2r10.audit from DISA Solaris 11 x86 v2r10 STIG
SOL-11.1-010040 - The audit system must produce records containing sufficient information to establish the identity of any user/subject associated with the event.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010060 - The audit system must support an audit reduction capability.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010070 - The audit system records must be able to be used by a report generation capability.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010080 - The operating system must provide the capability to automatically process audit records for events of interest based upon selectable, event criteria.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010100 - The audit records must provide data for all auditable events defined at the organizational level for the organization-defined information system components.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010120 - The operating system must generate audit records for the selected list of auditable events as defined in DoD list of events.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010130 - The operating system must support the capability to compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within organization-defined level of tolerance.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010140 - Audit records must include what type of events occurred.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010150 - Audit records must include when (date and time) the events occurred.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010160 - Audit records must include where the events occurred.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010170 - Audit records must include the sources of the events that occurred.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010180 - Audit records must include the outcome (success or failure) of the events that occurred.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010220 - The audit system must be configured to audit file deletions.

CONFIGURATION MANAGEMENT

SOL-11.1-010230 - The audit system must be configured to audit account creation.

ACCESS CONTROL

SOL-11.1-010250 - The audit system must be configured to audit account modification.

ACCESS CONTROL

SOL-11.1-010260 - The operating system must automatically audit account disabling actions.

ACCESS CONTROL

SOL-11.1-010270 - The operating system must automatically audit account termination.

ACCESS CONTROL

SOL-11.1-010290 - The operating system must ensure unauthorized, security-relevant configuration changes detected are tracked.

CONFIGURATION MANAGEMENT

SOL-11.1-010300 - The audit system must be configured to audit all administrative, privileged, and security actions.

CONFIGURATION MANAGEMENT

SOL-11.1-010310 - The audit system must be configured to audit login, logout, and session initiation.

ACCESS CONTROL

SOL-11.1-010320 - The audit system must be configured to audit all discretionary access control permission modifications.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010330 - The audit system must be configured to audit the loading and unloading of dynamic kernel modules.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010340 - The audit system must be configured to audit failed attempts to access files and programs.

CONFIGURATION MANAGEMENT

SOL-11.1-010350 - The operating system must protect against an individual falsely denying having performed a particular action. In order to do so the system must be configured to send audit records to a remote audit server.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010360 - The auditing system must not define a different auditing level for specific users.

CONFIGURATION MANAGEMENT

SOL-11.1-010370 - The audit system must alert the SA when the audit storage volume approaches its capacity.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010380 - The audit system must alert the System Administrator (SA) if there is any type of audit failure.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010390 - The operating system must alert designated organizational officials in the event of an audit processing failure.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010400 - The operating system must allocate audit record storage capacity.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010410 - The operating system must configure auditing to reduce the likelihood of storage capacity being exceeded.

AUDIT AND ACCOUNTABILITY

SOL-11.1-010420 - The operating system must shut down by default upon audit failure (unless availability is an overriding concern).

AUDIT AND ACCOUNTABILITY

SOL-11.1-010440 - The operating system must protect audit information from unauthorized access.

AUDIT AND ACCOUNTABILITY

SOL-11.1-020010 - The System packages must be up to date with the most recent vendor updates and security fixes.

CONFIGURATION MANAGEMENT

SOL-11.1-020020 - The system must verify that package updates are digitally signed.

CONFIGURATION MANAGEMENT

SOL-11.1-020030 - The operating system must protect audit tools from unauthorized access.

AUDIT AND ACCOUNTABILITY

SOL-11.1-020040 - The operating system must protect audit tools from unauthorized modification.

AUDIT AND ACCOUNTABILITY

SOL-11.1-020050 - The operating system must protect audit tools from unauthorized deletion.

AUDIT AND ACCOUNTABILITY

SOL-11.1-020080 - System packages must be configured with the vendor-provided files, permissions, and ownerships.

AUDIT AND ACCOUNTABILITY

SOL-11.1-020090 - The finger daemon package must not be installed.

CONFIGURATION MANAGEMENT

SOL-11.1-020100 - The legacy remote network access utilities daemons must not be installed.

CONFIGURATION MANAGEMENT

SOL-11.1-020110 - The NIS package must not be installed.

CONFIGURATION MANAGEMENT

SOL-11.1-020120 - The pidgin IM client package must not be installed.

CONFIGURATION MANAGEMENT

SOL-11.1-020130 - The FTP daemon must not be installed unless required.

CONFIGURATION MANAGEMENT

SOL-11.1-020140 - The TFTP service daemon must not be installed unless required.

CONFIGURATION MANAGEMENT

SOL-11.1-020150 - The telnet service daemon must not be installed unless required.

CONFIGURATION MANAGEMENT

SOL-11.1-020160 - The UUCP service daemon must not be installed unless required.

CONFIGURATION MANAGEMENT

SOL-11.1-020170 - The rpcbind service must be configured for local only services unless organizationally defined.

CONFIGURATION MANAGEMENT

SOL-11.1-020180 - The VNC server package must not be installed unless required.

CONFIGURATION MANAGEMENT

SOL-11.1-020190 - The operating system must employ automated mechanisms, per organization-defined frequency, to detect the addition of unauthorized components/devices into the operating system.

CONFIGURATION MANAGEMENT