U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Solaris 10 (SPARC and x86) Manual STIG Version 2, Release 3 Checklist Details (Checklist Revisions)

SCAP 1.2 Content:

Supporting Resources:


Target CPE Name
Oracle Solaris 10.0 cpe:/o:oracle:solaris:10.0 (View CVEs)

Checklist Highlights

Checklist Name:
Solaris 10 (SPARC and x86) Manual STIG
Checklist ID:
Version 2, Release 3
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

To improve consistency, efficiency, accuracy, and automation of our STIGs, we are moving towards the adoption of the Security Content Automation Protocol (SCAP). The move to an eXtensible Configuration Checklist Description Format (XCCDF) formatted STIG provides the ability for the consumption of the STIGs by the various automated assessment tools, such as Host Based Security System (HBSS). This content not only can be consumed by these tools, but can also provide the detailed information on how to assess the system to determine compliance with the STIG requirement. This automation is only possible when Open Vulnerability Assessment Language (OVAL) code is available for the check being performed. The STIGs will now be in extensible markup language (XML) format and include an XSL Transformations (XSLT) file to make the XML look more like a normal STIG. Some of the MS Word documents that were a part of the STIG will no longer be provided. There may be some MS Word documents included in the STIG zip file that contains introductory and background information that cannot be placed in the XML at this time. This would include such things as screen captures that help make the manual review process easier to understand. The STIG will be packaged in a zip file that contains numerous files. There will be a readme file included in the zip file which is unique to that particular STIG. The readme.txt file will document the specific files for that technology. Generally the following files will be included in the zip file (names may vary): Readme.txt - Important info about the files for the particular technology. STIG manual.xml - This is the STIG XML file that contains the manual check procedures. STIG benchmark-xccdf.xml - This is the STIG XML file that contains the automated check procedures, and not the manual procedures. This file is only included for technologies that contain OVAL checks. STIG.xsl - This is the transformation file that will allow the XML to be presented in a "human friendly" format. Technology Overview.doc or .pdf - This file will contain the introductory and background information, as well as screen captures, network diagrams, and other important information that could not be stored in the XML file. STIG-OVAL.xml - This file contains the detailed OVAL check code. This will only be provided if OVAL exists for the technology. STIG-CPE-OVAL.xml - This is OVAL code that will provide information to the tool onhow to check to see if the product being evaluated exists on the system. STIG-CPE-DICTIONARY.xml - This is the file that contains the CPE information about the product.

Checklist Role:

  • Server Operating System
  • Operating System

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.




Not provided.

Product Support:


Point of Contact:



Not provided.


Not provided.

Change History:

Version 1, Release 11 - 07 August 2015
Changed status from "Under Review" to "Final" - 04 - June 2015
Version 1, Release 7 - 25 July 2014 (SCAP 1.1 & XCCDF)
Version 1, Release 6 - 25 April 2014 (SCAP 1.1)
Version 1, Release 6 - 25 April 2014 (XCCDF only)
Version 1, Release 5 - 24 January 2014 (XCCDF only)
Version 1, Release 4 - 23 July 2013 (SCAP 1.0)
Version 1, Release 3 - 26 April 2013
Version 1, Release 2 - 25 January 2013
Version 1, Release 1 - 23 August 2012
Version 1, Release 0.6 - 04 June 2012
Version 1, Release 8 - 09 November 2014
Updated status to "Final" - 07 January 2015
Version 1, Release 9 - 28 January 2015
Version 1, Release 9 Benchmark - 28 January 2015
Changed status from "under review" to "final" - 11 September 2015
Version 1, Release 12 - 29 October 2015
Changed status from "Under Review" to "Final" - 29 December 2015
Version 1, Release 13 - 8 February 2016
3/15/2016 - Promote to Final
5/2/2016 - Version 1, Release 14
moved to FINAL - 6/7/2016
updated to - v1, r15 - 07/22/2016
Updated to FINAL - 09/12/2016
updated to v1, r16 - 10/28/2016
updated to FINAL - 12/07/2016
Updated to Ver 1, Rel 17 - 01/27/2017
Updated to FINAL - 03/13/2017
Updated to Version 1, Release 18 - 04/28/2017
Updated to FINAL - 05/30/2017
Updated URL to reflect change to the DISA website - http --> https
Updated to V1, R20 - 1/25/18
Updated to Version 1, Release 21 - 02/16/2018
Updated to FINAL - 3/18/2018
updated to v1,r22 - 4/25/18
Updated to FINAL - 5/25/18
Updated URLs - 8/30/19
updated resource title - 11/7/19
updated URLs per DISA - 1/21/2020
Updated URLs per DISA - 4/24/2020
Changed URLs - 8/4/2020
updated URLs - 10/27/2020
updated URL per DISA - 1/26/2021
added SCC links per DISA guidance - 4/20/2021
Updated resources per DISA - 4/29/21
Updated resources per DISA - 5/25/21
Updated SCC per DISA - 9/16/21
Updated SCC per DISA - 6/14/22
SCC - 10/13/22
Updated resource per DISA - 10/26/22
Updated resource per DISA - 10/26/22
Updated resource per DISA - 10/27/22


URL Description


Reference URL Description

NIST checklist record last modified on 10/28/2022