U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

Sun Ray 4 Security Checklist Version 1 Release 2 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Oracle Sun Ray Software 4.0 cpe:/a:oracle:sun_ray_software:4.0 (View CVEs)
Oracle Sun Ray Software 5.2 cpe:/a:oracle:sun_ray_software:5.2 (View CVEs)
Oracle Sun Ray Virtual Display Client 2 cpe:/h:oracle:sun_ray_virtual_display_client:2 (View CVEs)
Oracle Sun Ray Virtual Display Client 270 cpe:/h:oracle:sun_ray_virtual_display_client:270 (View CVEs)
Oracle Sun Ray Virtual Display Client 3 cpe:/h:oracle:sun_ray_virtual_display_client:3 (View CVEs)
Oracle Sun Ray Virtual Display Client 3 Plus cpe:/h:oracle:sun_ray_virtual_display_client:3_plus (View CVEs)
Oracle Sun Ray Virtual Display Client 3i cpe:/h:oracle:sun_ray_virtual_display_client:3i (View CVEs)

Checklist Highlights

Checklist Name:
Sun Ray 4 Security Checklist
Checklist ID:
367
Version:
Version 1 Release 2
Type:
Compliance
Review Status:
Final
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
03/26/2009

Checklist Summary:

The Sun Ray Server Checklist will be used when reviewing the Sun Ray Servers and Desktop Units. The Sun Ray solution enables users to perform tasks remotely on a server. This architecture places all the applications and data on the servers, where the data is more secure than on a traditional laptop or desktop computer. In contrast to other client-server models, which typically utilize combinations of remote and local operating systems, applications, memory, and storage, the Sun Ray computing model moves all computing to a server. Instead of storing data and doing computation on the desktop, the Sun Ray model simply passes input and output data between Sun Ray Desktop Units and the Sun Ray server, where the operating system and applications are located.

Checklist Role:

  • Client / Server

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive 8500.1 and DoDI 8500.2

Comments/Warnings/Miscellaneous:

The requirements to perform a Sun Ray Server SRR are as follows: - Sun Ray Server SRR Checklist - A comprehensive list of checks that provide step-by-step procedures on performing a Sun Ray Server SRR. The checklist may be downloaded from the IASE web site located at http://iase.disa.mil or the DKO website located at https://www.us.army.mil/suite/portal/index.jsp. - User access to the Vulnerability Management System (VMS) which is located at https://vms.disa.mil/ - The review team conducting the Sun Ray SRR will need the following personnel to review all the components: 1. A UNIX reviewer to perform a UNIX SRR on the Solaris/Linux Sun Ray Server. 2. An application reviewer to perform an application services security review on apache tomcat located on the Sun Ray Server. 3. A network reviewer to review the Sun Ray network infrastructure. A network review should be conducted since the Sun Ray system relies upon this component for functionality. 4. A traditional reviewer to review the physical security. A traditional review should be conducted to ensure the physical security is in compliance since all the data will be located in one central location.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History: 

Changed status from "Under Review" to "Final" - 03 June 2015
Version 1, Release 1.1 - 26 March 2009
Updated "Point of Contact" - 15 January 2015
null

Dependency/Requirements:

URL Description
http://iase.disa.mil/stigs/Documents/sun_ray_4_checklist_memo.pdf Sun Ray 4 Security Checklist Release Memo

References:

Reference URL Description

NIST checklist record last modified on 06/13/2017