Security Policy

The phrase security policy, or policy, is used throughout this book to refer to an organization's security guidelines. Your site's security policy is the set of rules that define the sensitivity of the information that is being processed and the measures that are used to protect the information from unauthorized access. Security technologies such as Solaris Secure Shell, authentication, RBAC, authorization, privileges, and resource control provide measures to protect information.

Some security technologies also use the word policy when describing specific aspects of their implementation. For example, Solaris auditing uses audit policy options to configure some aspects of auditing policy. The following table points to glossary, man page, and information on features that use the word policy to describe specific aspects of their implementation.

Table 1–1 Use of Policy in the Solaris OS

Glossary Definition	Selected Man Pages	Further Information
audit policy	audit_control(4), audit_user(4), auditconfig(1M)	Chapter 28, Solaris Auditing (Overview)
policy in the cryptographic framework	cryptoadm(1M)	Chapter 13, Solaris Cryptographic Framework (Overview)
device policy	getdevpolicy(1M)	Controlling Access to Devices
Kerberos policy	krb5.conf(4)	Chapter 25, Administering Kerberos Principals and Policies (Tasks)
network policies	ipfilter(5), ifconfig(1M), ike.config(4), ipsecconf(1M), routeadm(1M)	Part III, IP Security, in System Administration Guide: IP Services
password policy	passwd(1), nsswitch.conf(4), crypt.conf(4), policy.conf(4)	Maintaining Login Control
policy for public key technologies	kmfcfg(1)	Chapter 15, Solaris Key Management Framework
RBAC policy	rbac(5)	exec_attr Database