Request a copy of all the Sun Ray infrastructure documentation. Documentation must include all routers, switches, servers (Solaris, Windows), applications (such as Citrix XenApp and Sun Ray Software), Sun Ray Desktop Units, IP addresses, and any third party applications. If the documentation does not include all of these components, this is a finding.
Develop up-to-date documentation for the Sun Ray infrastructure.
Request a copy of the user registration documentation from the IAO/SA. Review the document for step-by-step procedures for registering users in the Sun Ray system.
Develop Sun Ray system user registration documentation.
Ask the IAO/SA to provide an actual update notification or email to verify that they are on the subscription list. The email subscription for Sun is the SunSolve Patch Club Report, and it is sent out weekly by Sun. If no emails or documentation can be provided, this is a finding.
Access the Sun Microsystems website and update your profile by going to subscriptions and selecting the SunSolve Patch Club Report. This will ensure you get emails on all new and updated patches through SunSolve.
Request a copy of the documentation that lists all approved applications. If applications that are not on the list are published to users, this is a finding. If no list exists, this is a finding.
Document and approve all published applications running on the Sun Ray network.
Ask the IAO/SA what applications are running on the SRSS. Besides the documented UNIX services, the SRSS may have the following running as part of the Sun Ray solution, and these are not applicable to this check:
- DHCP Server
- Sun Ray Connector for Windows OS
Remove all applications that are not required for the SRSS.
Critical Sun Ray log files are the administration, authentication, automatic mounting, mass storage devices, messages, and web administration logs. These logs are listed below. Ask the IAO/SA if Sun Ray logs are reviewed weekly.

    # ls -lL /var/opt/SUNWut/log | less
    admin_log
    auth_log
    utmountd.log
    utstoraged.log
    messages
    utwebadmin.log

If these logs are being written to an external syslog server, ask the IAO/SA if these are reviewed weekly.
Review Sun Ray logs at a minimum weekly.
Ask for a copy of the site’s Continuity of Operations Planning (COOP). Verify the Sun Ray system is specifically mentioned in the plan. Ensure the plan addresses the restoration of the Sun Ray system within 24 hours of activation of the COOP. Additionally, ensure that the Sun Ray system restoration is validated at least annually as part of the normal COOP testing process. If any of these requirements is not met, this is a finding.
Add the Sun Ray system to the COOP.
Request a copy of the procedures to back up the Sun Ray system. If the documentation cannot be produced, this is a finding.
Produce backup documentation for the Sun Ray system.
Ask the IAO/SA to show you where the spare Desktop Units are located in case of a failure. If no spares exist, this is a finding.
Purchase a spare Desktop Unit in case of a failure.
Ask to see the documented configuration management process for the Sun Ray system. Ensure that the plan includes a site Configuration Control Board (CCB). If a plan that includes a CCB exists, this is not a finding. If a plan exists but does not include a CCB, or there is no plan, this is a finding.
Implement a configuration management process for the Sun Ray system.
If either inbound or outbound traffic to the Sun Ray server is leaving the local enclave, verify that the server has been registered in the Ports and Protocols (PNP) database (https://pnp.cert.smil.mil) for the site. If it is not registered, this is a finding. If the traffic is completely contained within the local enclave, this requirement does not apply.
Register all Sun Ray traffic that is leaving the local enclave in the PNP database for the site.