Oracle^® Solaris 11.3 Security and Hardening Guidelines

Security Standards and Evaluations

The Oracle Solaris OS is certified to comply with two security standards, Common Criteria and FIPS 140-2.

FIPS 140-2 Level 1 Cryptography Validation

The Cryptographic Framework feature of Oracle Solaris is validated at FIPS 140-2, Level 1 for userland and kernel functions in the Oracle Solaris 11.3 SRU 5.6 release. The OpenSSL module that runs on Oracle Solaris 11.3 is also validated for FIPS 140-2. Any application that uses OpenSSL for its cryptography can use this validated module. For more information, see Using a FIPS 140-2 Enabled System in Oracle Solaris 11.3.

Oracle Solaris 11 Common Criteria EAL4+ Certification

Oracle Solaris 11 is certified under the Canadian Common Criteria Scheme at Evaluation Assurance Level 4 (EAL4) and augmented by flaw remediation (EAL4+). EAL4 is the highest level of evaluation mutually recognized by 26 countries under the Common Criteria Recognition Arrangement (CCRA).

The certification is for the Operating System Protection Profile (OSPP) and includes the following extended packages:

• Advanced Management

• Extended Identification and Authentication

• Labeled Security

• Virtualization

For information about the certification, see:

• Oracle Security Evaluations Matrix (https://www.oracle.com/technetwork/topics/security/security-evaluations-099357.html)

• The Common Criteria Recognition Arrangement (https://www.commoncriteriaportal.org/ccra/index.cfm?)

• Operating System Protection Profile (http://www.commoncriteriaportal.org/files/ppfiles/pp0067b_pdf.pdf)