Use the Oracle Solaris compliance utility to assess and report the compliance of a system to a known benchmark.
The Oracle Solaris compliance command maps the requirements of a benchmark to the code, file, or command output that verifies compliance to a specific requirement. Oracle SuperCluster currently supports two security compliance benchmark profiles:
Recommended – A profile based on the Center of Internet Security benchmark.
PCI-DSS – A profile that verifies Payment Card Industry Data Security Standard (PCI DSS) compliance requirements.
These profiling tools map security controls to the compliance requirements, and the resulting compliance reports can reduce significant auditing time. In addition, the compliance feature provides guides that contain the rationale for each security check, and the steps to fix a failed check. Guides can be useful for training and as guidelines for future testing. By default, guides for each security profile are created at installation. The SuperCluster Solaris administrator can add or change a benchmark and create a new guide.
These topics describe how to run compliance reports and describe FIPS-140 compliance: