Checklist Summary:

The Sun Ray Server Checklist will be used when reviewing the Sun Ray Servers and Desktop Units. The Sun Ray solution enables users to perform tasks remotely on a server. This architecture places all the applications and data on the servers, where the data is more secure than on a traditional laptop or desktop computer. In contrast to other client-server models, which typically utilize combinations of remote and local operating systems, applications, memory, and storage, the Sun Ray computing model moves all computing to a server. Instead of storing data and doing computation on the desktop, the Sun Ray model simply passes input and output data between Sun Ray Desktop Units and the Sun Ray server, where the operating system and applications are located.

Checklist Role:

• Client / Server

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive 8500.1 and DoDI 8500.2

Comments/Warnings/Miscellaneous:

The requirements to perform a Sun Ray Server SRR are as follows: - Sun Ray Server SRR Checklist - A comprehensive list of checks that provide step-by-step procedures on performing a Sun Ray Server SRR. The checklist may be downloaded from the IASE web site located at http://iase.disa.mil or the DKO website located at https://www.us.army.mil/suite/portal/index.jsp. - User access to the Vulnerability Management System (VMS) which is located at https://vms.disa.mil/ - The review team conducting the Sun Ray SRR will need the following personnel to review all the components: 1. A UNIX reviewer to perform a UNIX SRR on the Solaris/Linux Sun Ray Server. 2. An application reviewer to perform an application services security review on apache tomcat located on the Sun Ray Server. 3. A network reviewer to review the Sun Ray network infrastructure. A network review should be conducted since the Sun Ray system relies upon this component for functionality. 4. A traditional reviewer to review the physical security. A traditional review should be conducted to ensure the physical security is in compliance since all the data will be located in one central location.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Changed status from "Under Review" to "Final" - 03 June 2015
Version 1, Release 1.1 - 26 March 2009
Updated "Point of Contact" - 15 January 2015
null
Updated URL to reflect change to the DISA website - http --> https
Retired by DISA - 5/16/2018

Dependency/Requirements:

URL	Description
https://iase.disa.mil/stigs/Documents/sun_ray_4_checklist_memo.pdf	Sun Ray 4 Security Checklist Release Memo

References:

Reference URL	Description

NIST checklist record last modified on 05/16/2018