Systems that comply with security standards provide more secure computing environments, and in addition are easier to test, maintain, and protect. In this release, Oracle Solaris provides scripts that assess and report the compliance of your Oracle Solaris system to two security benchmarks, Solaris Security Benchmark and Payment Card Industry-Data Security Standard (PCI DSS).
Configuration validation to support system compliance to external and internal security policies is critical. The handling of security compliance and auditing requirements accounts for a large percent of IT security spending, including documentation, reports, and the validation itself. Organizations such as banks, hospitals, and governments have specialized compliance requirements. Auditors who are unfamiliar with an operating system can struggle to match security controls with requirements. Therefore, tools that map security controls to requirements can reduce time and costs by assisting auditors.
The compliance scripts are based on the Security Content Automation Protocol (SCAP) written in Open Vulnerability and Assessment Language (OVAL). The SCAP implementation in Oracle Solaris also supports scripts that conform to the Script Check Engine (SCE). These scripts add security checks that the current OVAL schemas and probes do not provide. Additional scripts can be used to meet other regulatory environment standards, such as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes Oxley (SOX), and the Federal Information Security Management Act (FISMA). For links to these standards, see Compliance Reference.