Check: SOL-11.1-020020
Solaris 11 SPARC STIG:
SOL-11.1-020020
(in versions v2 r10 through v1 r10)
Title
The system must verify that package updates are digitally signed. (Cat II impact)
Discussion
Digitally signed packages ensure that the source of the package can be identified.
Check Content
Determine what the signature policy is for pkg publishers:

# pkg property | grep signature-policy

Check that the output produces:

signature-policy verify

If the output does not confirm that signature-policy verify is active, this is a finding.
Fix Text
The Software Installation Profile is required. Configure the package system to ensure that digital signatures are verified:

# pfexec pkg set-property signature-policy verify
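The check above is a manual read of `pkg property` output. The following POSIX sh function is an added example, not part of the STIG text or of Solaris, that evaluates that output the way the check does: it passes only when the image property signature-policy is exactly the value the fix sets, and reports a finding otherwise. The two sample outputs are constructed so the script runs offline; the column layout and the non-compliant value "ignore" are assumptions, and on a real host the function would be fed the live output of `pkg property`.

```shell
#!/bin/sh
# Added example: evaluate SOL-11.1-020020 against `pkg property` output.
# Constructed sample output resembling a compliant image (layout assumed).
COMPLIANT_OUTPUT='PROPERTY                   VALUE
flush-content-cache-on-success True
signature-policy           verify
signature-required-names   []
trust-anchor-directory     etc/certs/CA'

# Constructed sample output for a non-compliant image ("ignore" is assumed
# to be a non-verifying setting; the STIG only accepts "verify").
NONCOMPLIANT_OUTPUT='PROPERTY                   VALUE
flush-content-cache-on-success True
signature-policy           ignore
signature-required-names   []'

# check_signature_policy TEXT
# TEXT is the full output of `pkg property`. Prints "pass" when the
# signature-policy row carries exactly "verify", otherwise "finding".
# Matching on the first column avoids partial matches such as
# signature-required-names that a bare grep could pick up.
check_signature_policy() {
  value=$(printf '%s\n' "$1" | awk '$1 == "signature-policy" { print $2 }')
  if [ "$value" = "verify" ]; then
    echo pass
  else
    echo finding
  fi
}

# Stand-alone demonstration on the constructed samples.
# On a Solaris 11 host, use: check_signature_policy "$(pkg property)"
echo "compliant sample:     $(check_signature_policy "$COMPLIANT_OUTPUT")"
echo "non-compliant sample: $(check_signature_policy "$NONCOMPLIANT_OUTPUT")"
```

A missing signature-policy row is also reported as a finding, since the check requires positive confirmation that verify is active rather than the mere absence of a weaker value.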
Additional Identifiers
Rule ID: SV-219969r854532_rule
Vulnerability ID: V-219969
Group Title: SRG-OS-000366
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000352 | The information system prevents the installation of organization-defined critical software programs that are not signed with a certificate that is recognized and approved by the organization. |
CCI-001749 | The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization. |
Controls
Number | Title |
---|---|
CM-5 (3) | Signed Components |