Go to main content

Oracle® Solaris 11.4 Compliance Guide

Exit Print View

Updated: August 2021
 
 

Compliance Glossary

assessment

In compliance terminology, a measurement of the compliance of a system against a benchmark or profile.

benchmark

In compliance terminology, a security standard against which to measure the compliance of a system. Also called a security benchmark. The solaris benchmark and PCI DSS are two benchmarks.

Common Vulnerabilities and Exposure

A reference method for publicly known security vulnerabilities in networked computer systems. This international list of vulnerabilities is kept by the Mitre Corporation.

Enterprise Health Check

A benchmark that determines how compliant your system is with Oracle Solaris 11.4 best practices. Best practices include highlighting legacy software that is targeted for removal in an upcoming Oracle Solaris 11.4 Support Repository Update (SRU).

metadata

In compliance terminology, a keyword=value pair or tag that identifies an assessment. Assessments always run with system tags, and users can add their own tags. Later, users can select, identify, copy, list, and delete assessments according to their metadata.

pick screen

An instance of a TUI, a textual user interface. The pick screen is an editor that is implemented in the curses programming language. It provides a GUI-like interface on a text-only device, such as a console or a hardware ANSI terminal.

policy

Generally, a plan or course of action that influences or determines decisions and actions. Specifically, compliance policy is the selection of a benchmark or profile or tailoring that reflects the security compliance requirements for a system. You check the compliance of your system against the policy.

profile

In compliance terminology, a refinement of a benchmark. The Recommended and Baseline profiles are refinements of the solaris benchmark.

report

In compliance terminology, a display of the results of an assessment. Compliance reports can be in text, html, or xml format.

roster

In compliance terminology, a script that identifies assessments to run on remote systems.

Systems can be collected into roster groups, and attributes such as policy can be assigned at the roster, group, and node scopes. When run, a roster assesses compliance on its included systems asynchronously from the local system.

tailoring

A customized version of a benchmark or profile against which to measure the compliance of a system. Customers create tailorings to verify the security policy of particular systems more accurately than a benchmark or profile can.

variable values

In compliance terminology, a set of alternate values for a compliance rule where the rule's value is coded as a variable. Customers can modify the variable's value in a rule in a tailoring to better assess the security posture of the system.