IBM BigFix Compliance: Updated DISA STIG Checklist for Solaris 11, published 2017-6-22

IBM BigFix Compliance

Updated DISA STIG Checklist for Solaris 11 to support a more recent version of benchmark

Security Benchmark:
Solaris 11 STIG Version 1, Release 11

Published Sites:
DISA STIG Checklist for Solaris 11, site version 4
(The site version is provided for air-gap customers.)


• SOL-11.1-020350 Added /etc/rc*/* files to be checked.
• SOL-11.1-070130 Added sshd to list of system users.
• SOL-11.1-080030 Only check for aslr being enabled in sxadm output.
• SOL-11.1-100020 Exclude any Kernel zones found from the list of
local zones.
• SOL-11.1-040315 Newly added.
• SOL-11.1-040316 Newly added.
• DISA has also updated various fixlet descriptions.

• Both analysis and remediation checks are included

• Some of the checks allow you to use the parameterized setting to enable customization for compliance evaluation. Note that parameterization and remediation actions require the creation of a custom site.

Actions to take:
• If you are already subscribed to this site, no action is needed.

• To subscribe to the above site, you can use the License Overview Dashboard to enable and gather the site. Note that you must be entitled to the BigFix Compliance product and you must be using IBM BigFix version 9.2 and later.

More information:
To know more about the IBM BigFix Compliance SCM checklists, please see the following resources:
• IBM Developer Works:!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists

• IBM BigFix Blog:

• IBM BigFix Forum:

We hope you find this latest release of SCM content useful and effective. Thank you!

– The IBM BigFix Compliance team