Oracle® Solaris 11.3 Security Compliance Guide

Updated: March 2018
 
 

About Compliance in Oracle Solaris

Systems that comply with security standards provide more secure computing environments and are easier to test, maintain, and protect. Oracle Solaris provides scripts that assess and report the compliance of your Oracle Solaris system with two security benchmarks: Solaris Security Benchmark and Payment Card Industry-Data Security Standard (PCI DSS).

Compliance assessment is critical for validating system compliance with external and internal security policies. The handling of security compliance and auditing requirements accounts for a large percentage of IT security spending, including documentation and reports, and the validation itself. Organizations such as banks, hospitals, and governments have specialized compliance requirements. Auditors who are unfamiliar with an operating system can struggle to match security controls with requirements. Therefore, tools that map security controls to requirements can reduce time and costs by assisting auditors.

Compliance assessment is based on scripts. The scripts follow the Security Content Automation Protocol (SCAP) and are written in the Open Vulnerability and Assessment Language (OVAL). The SCAP implementation in Oracle Solaris also supports scripts that conform to the Script Check Engine (SCE). These scripts add security checks that the current OVAL schemas and probes do not provide.
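The following SCE-style check is an added example, not an Oracle-supplied script: the engine runs the script and reads its exit status as the rule result, and anything written to standard output is kept with the result. It assumes the XCCDF_RESULT_* environment variables that OpenSCAP's SCE exports; the check target (/etc/ssh/sshd_config, overridable through the hypothetical SSHD_CONFIG variable) and the pass/fail policy are choices made for this example.

```shell
#!/bin/sh
# Added example of an SCE-style check; not an Oracle-supplied script.
# The engine exports XCCDF_RESULT_* and takes the exit status as the rule
# result. The fallbacks (OpenSCAP's values) are used only for stand-alone runs.
under_engine=${XCCDF_RESULT_PASS:+yes}
: "${XCCDF_RESULT_PASS:=101}" "${XCCDF_RESULT_FAIL:=102}" "${XCCDF_RESULT_ERROR:=103}"

# check_root_login FILE
# PASS only when the first active PermitRootLogin directive is "no".
# Treating a missing directive as FAIL is a policy choice of this example.
check_root_login() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg"
        return "$XCCDF_RESULT_ERROR"
    fi
    # sshd keywords are case-insensitive and the first occurrence wins.
    # Lines such as "#PermitRootLogin yes" never match because $1 differs.
    value=$(tr '[A-Z]' '[a-z]' < "$cfg" |
            awk '$1 == "permitrootlogin" { print $2; exit }')
    case $value in
        no) echo "PermitRootLogin is no"
            return "$XCCDF_RESULT_PASS" ;;
        "") echo "PermitRootLogin is not set explicitly"
            return "$XCCDF_RESULT_FAIL" ;;
        *)  echo "PermitRootLogin is $value"
            return "$XCCDF_RESULT_FAIL" ;;
    esac
}

if [ -n "$under_engine" ]; then
    # Run by the engine: the exit status becomes the XCCDF rule result.
    check_root_login "${SSHD_CONFIG:-/etc/ssh/sshd_config}"
    exit $?
fi

# Stand-alone run: exercise the check on a constructed sample file.
sample=$(mktemp)
printf '%s\n' '# PermitRootLogin yes' 'permitrootlogin NO' \
    'PermitRootLogin yes' > "$sample"
rc=0
check_root_login "$sample" || rc=$?
echo "exit status the engine would see: $rc"
rm -f "$sample"
```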

For information about the SCAP set of tools that support the compliance command, see the oscap(8) man page. To display the version of the SCAP set of tools, issue the oscap -V command.


Note -  The SCAP set of tools cannot localize the reports that the oscap command produces, nor can it localize the test descriptions.

Additional scripts can be used to meet other regulatory environment standards, such as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and the Federal Information Security Management Act (FISMA). For links to these standards, see Compliance Reference.