System Administration Guide: Security Services

Security Policy

The phrase security policy, or policy, is used throughout this book to refer to an organization's security guidelines. Your site's security policy is the set of rules that define the sensitivity of the information that is being processed and the measures that are used to protect the information from unauthorized access. Security technologies such as Solaris Secure Shell, authentication, RBAC, authorization, privileges, and resource control provide measures to protect information.

Some security technologies also use the word policy when describing specific aspects of their implementation. For example, Solaris auditing uses audit policy options to configure some aspects of auditing policy. The following table points to glossary, man page, and information on features that use the word policy to describe specific aspects of their implementation.

Table 1–1 Use of Policy in the Solaris OS

Glossary Definition 

Selected Man Pages 

Further Information 

audit policy

audit_control(4), audit_user(4), auditconfig(1M)

Chapter 28, Solaris Auditing (Overview)

policy in the cryptographic framework


Chapter 13, Solaris Cryptographic Framework (Overview)

device policy


Controlling Access to Devices

Kerberos policy


Chapter 25, Administering Kerberos Principals and Policies (Tasks)

network policies

ipfilter(5), ifconfig(1M), ike.config(4), ipsecconf(1M), routeadm(1M)

Part IV, IP Security, in System Administration Guide: IP Services

password policy

passwd(1), nsswitch.conf(4), crypt.conf(4), policy.conf(4)

Maintaining Login Control

policy for public key technologies


Chapter 15, Solaris Key Management Framework

RBAC policy


exec_attr Database