The Center for Internet SecurityThe Center for Internet Security Site MapContact UsPrivacy Policy
The Center for Internet Security
HomeNewsWhat is CIS?Benchmarks/ToolsOther ResourcesJoin UsTestimonialsFAQ
CIS Members site

Become a Member of CIS - Click here for more info

More than 170 members, from around the wrold! Click here for more info

Get Involved - Click here for more info



CIS certifies commercial software. Click here for more info

CIS licenses resources for commercial use. Click here for more info.

click here to find out about CIS trademarks.

Click here to find out about upcoming conferences and events!

 Benchmarks/Tools
CIS Level-1 Benchmark and
Scoring Tool for Solaris		 - Click Here to Download Them
- FAQ - The Benchmarks
October 2007:

Now available on this website:

The Download Files:
  • CIS_Solaris_Benchmark_v4.0.tar.gz - this bundle includes the benchmark document with detailed instructions for implementing the steps necessary for CIS Level-I security on Solaris 10 11/06 and 8/07 systems, and an appendix with an overview of Solaris 10 OS Security Controls, in .tar.gz format.
  • CIS_Solaris_Benchmark_v4.0.zip - this bundle includes the benchmark document with detailed instructions for implementing the steps necessary for CIS Level-I security on Solaris 10 11/06 and 8/07 systems, and an appendix with an overview of Solaris 10 OS Security Controls, in .zip format.
  • cis_score_tool_solaris_v1.5.0.sh.Z - a Host-based Scoring Tool - scores the security of a system against the Benchmark and creates a variance report. This is for Solaris versions up through 9 ONLY and references settings in version 1.3 of the benchmark.
  • CIS_Solaris10_Benchmark_v2.1.2.tar.gz - this Benchmark document contains details instructions for implementing the steps necessary for CIS Level-1 secuirty on Solaris 10 systems ONLY. Package also includes do-backup.sh script referenced by the benchmark.
  • NG Scoring Tool for Solaris 10 - Host-based Scoring Tool for Solaris 10 systems, both Sparc and x86. There are three versions:
    • ng_scoring_tool-1.0-solaris.jar: this version requires Java to already be installed on the target system. For both Sparc and x86 systems.
    • ng_scoring_tool-1.0-solaris-sparc.bin: includes it's own JVM for Sparc Solaris systems. Does not require Java on the target system.
    • ng_scoring_tool-1.0-solaris-x86.bin: includes it's own JVM for Sparc x86 systems. Does not require Java on the target system.
    • Each package contains the tool, a PDF copy of the Benchmark document, and a PDF copy of the CIS NG Scoring Tool Users Manual. The Users Manual is also available as a separate download.

    Please see the README file included with the tool package for important information and instructions.

    IMPORTANT NOTES:
    The NG Scoring Tool package contains version 2.1.1 of the Solaris 10 Benchmark. Please download version 2.1.2 of the benchmark document and replace version 2.1.1.

    The NG Scoring Tool for Solaris 10 is command-line only; there is no GUI as with the NG Scoring Tool for Windows. Unlike Windows, there is no guarentee that a web browser is installed on the target Solaris system. Therefore, when the tool goes to launch one to view the reports, it generates an error. Based on early feedback, we chose to release the tool without the GUI support as none of our previous Unix tools had a GUI. However, if users feel that a GUI would be helpful, we would like to hear from you. See "Share your Feedback" below to learn how to contact us. Scoring Tool reports can still be viewed in a user-launched web browser.
The Benchmark and Scoring Tool software are non-invasive, "Read Only" files.
What are the Benchmark and Tool?
The Benchmark is a compilation of security configuration actions and settings that "harden" Solaris operating systems. It is a CIS Level-I Benchmark – the prudent level of minimum due care for operating system security.

Level-I Benchmark settings/actions:
  1. can be understood and performed by system administrators with any level of security knowledge and experience.
  2. are unlikely to cause an interruption of service to the operating system or the applications that run on it.
  3. can be automatically monitored either by CIS Scoring Tools or by CIS-certified tools available from software vendors. CLICK HERE for a roster of commercially available CIS-certified software tools. The CIS Scoring Tool for Solaris provides a quick and easy way to evaluate systems and compare their level of security against the CIS minimum due care security Benchmark. Tool reports guide system administrators to harden both new installations and active production systems. The tool is also effective for monitoring systems to assure that security settings continuously conform with the Benchmark.
Share Your Feedback
We value your feedback, which may be used both to update the Level-1 Benchmark and to further define Level-II security configurations. CIS Level-II Benchmarks enhance security beyond the minimum due care level, based on specific network architecture and server function.

Please direct your technical feedback to:

The CIS Feedback Email Address

Please direct other feedback to:

Bert Miuccio, Vice President

For more information about the CIS consensus process and the benchmarks, go to What are the Benchmarks? and FAQ - The Benchmarks.
Updates to the Benchmark and Tool
The CIS Level-1 Benchmark and Scoring Tool for Solaris will be updated periodically. Continuous feedback from CIS Members and other users assures that the consensus standard of minimum due care is always reflected in the Level-I settings. A revision history for this benchmark can be found in the benchmark itself.

One of the benefits of Center Membership is electronic notification when updates become available. Go to Membership Information

If your organization is not a member of The Center, visit this website periodically to assure that you are using the latest version of the Solaris Benchmark and Scoring Tool.

Click Here to see what Members say about The Center for Internet Security.

DOWNLOAD the Level-1 Benchmarks and Scoring Tool for Solaris



Logo and Design by Keiler
© 2005, the Center for Internet Security.