Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must require passwords to change the boot device settings. (SPARC)
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-216454 | SOL-11.1-080130 | SV-216454r959010_rule | Low |
| Description |
|---|
| Setting the EEPROM password helps prevent attackers who gain physical access to the system console from booting from an external device (such as a CD-ROM or floppy). |
| STIG | Date |
|---|---|
| Solaris 11 SPARC Security Technical Implementation Guide | 2024-05-30 |
Details
| Check Text ( C-17690r371450_chk ) |
|---|
| This check applies only to SPARC-based systems. This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. Determine if the EEPROM security mode on SPARC-based systems is configured correctly. # eeprom security-mode If the output of this command is not "security-mode=command", this is a finding. |
| Fix Text (F-17688r371451_fix) |
|---|
| The root role is required. This action applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this action applies. # eeprom security-mode=command After entering the command above, the administrator will be prompted for a password. This password will be required to authorize any future command issued at boot-level on the system (the ok or > prompt) except for the normal multi-user boot command (i.e., the system will be able to reboot unattended). Write down the password and store it in a secure location. |