DISA_STIG_Solaris_10_SPARC_v2r4.audit from DISA Solaris 10 SPARC v2r4 STIG
GEN000000-SOL00020 - The nosuid option must be configured in the /etc/rmmount.conf file. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00040 - The /etc/security/audit_user file must not define a different auditing level for specific users. | AUDIT AND ACCOUNTABILITY |
GEN000000-SOL00060 - The /etc/security/audit_user file must be owned by root. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00080 - The /etc/security/audit_user file must be group-owned by root, sys, or bin. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00100 - The /etc/security/audit_user file must have mode 0640 or less permissive. | AUDIT AND ACCOUNTABILITY |
GEN000000-SOL00110 - The /etc/security/audit_user file must not have an extended ACL. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.high | ACCESS CONTROL |
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.low | ACCESS CONTROL |
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med | ACCESS CONTROL |
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliases | ACCESS CONTROL |
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty. | ACCESS CONTROL |
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlist | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - exec with userlist | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
GEN000000-SOL00240 - The /usr/aset/userlist file must be owned by root. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00250 - The /usr/aset/userlist file must be group-owned by root. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00260 - The /usr/aset/userlist file must have mode 0600 or less permissive. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00270 - The /usr/aset/userlist file must not have an extended ACL. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00300 - The Solaris system EEPROM security-mode parameter must be set to full or command mode. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00400 - The NFS server must have logging implemented - NFS_SERVER_VERSMAX | AUDIT AND ACCOUNTABILITY |
GEN000000-SOL00400 - The NFS server must have logging implemented. | AUDIT AND ACCOUNTABILITY |
GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system. | ACCESS CONTROL |
GEN000000-SOL00440 - The root account must be the only account with GID of 0. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00540 - The /etc/zones directory, and its contents, must be owned by root - /etc/zones | CONFIGURATION MANAGEMENT |
GEN000000-SOL00540 - The /etc/zones directory, and its contents, must be owned by root - /etc/zones/* | CONFIGURATION MANAGEMENT |
GEN000000-SOL00560 - The /etc/zones directory, and its contents, must be group-owned by root, sys, or bin - /etc/zones | CONFIGURATION MANAGEMENT |
GEN000000-SOL00560 - The /etc/zones directory, and its contents, must be group-owned by root, sys, or bin - /etc/zones/* | CONFIGURATION MANAGEMENT |
GEN000000-SOL00580 - The /etc/zones directory, and its contents, must not be group- or world-writable - /etc/zones | CONFIGURATION MANAGEMENT |
GEN000000-SOL00580 - The /etc/zones directory, and its contents, must not be group- or world-writable - /etc/zones/* | CONFIGURATION MANAGEMENT |
GEN000000-SOL00600 - The /etc/zones directory, and its contents, must not have an extended ACL. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00620 - The inherit-pkg-dir zone option must be set to none or the system default list defined for sparse root zones. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00640 - The limitpriv zone option must be set to the vendor default or less permissive. | CONFIGURATION MANAGEMENT |
GEN000000-SOL00660 - The physical devices must not be assigned to non-global zones. | CONFIGURATION MANAGEMENT |
GEN000020 - The system must require authentication upon booting into single-user and maintenance modes. | ACCESS CONTROL |
GEN000100 - The operating system must be a supported release. | CONFIGURATION MANAGEMENT |
GEN000120 - System security patches and updates must be installed and up-to-date. | CONFIGURATION MANAGEMENT |
GEN000140 - A file integrity baseline must be created and maintained. | CONFIGURATION MANAGEMENT |
GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries. | CONFIGURATION MANAGEMENT |
GEN000240 - The system clock must be synchronized to an authoritative DoD time source. | AUDIT AND ACCOUNTABILITY |
GEN000241 - The system clock must be synchronized continuously. | CONFIGURATION MANAGEMENT |
GEN000242 - The system must use at least two time sources for clock synchronization - service ntp server 1 | AUDIT AND ACCOUNTABILITY |
GEN000242 - The system must use at least two time sources for clock synchronization - service ntp server 2 | AUDIT AND ACCOUNTABILITY |
GEN000244 - The system must use time sources local to the enclave. | AUDIT AND ACCOUNTABILITY |
GEN000250 - The time synchronization configuration file (such as /etc/ntp.conf) must be owned by root. | CONFIGURATION MANAGEMENT |
GEN000251 - The time synchronization configuration file (such as /etc/ntp.conf) must be group-owned by root, bin, or sys. | CONFIGURATION MANAGEMENT |
GEN000252 - The time synchronization configuration file (such as /etc/ntp.conf) must have mode 0640 or less permissive. | ACCESS CONTROL |
GEN000253 - The time synchronization configuration file (such as /etc/ntp.conf) must not have an extended ACL. | CONFIGURATION MANAGEMENT |