STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Solaris 11 x86 Security Technical Implementation Guide

V-216240

CAT II (Medium)

The systems physical devices must not be assigned to non-global zones.

Rule ID

SV-216240r603268_rule

STIG

Solaris 11 x86 Security Technical Implementation Guide

Version

V2R10

CCIs

SV-60715

Discussion

Solaris non-global zones can be assigned physical hardware devices. This increases the risk of such a non-global zone having the capability to compromise the global zone.

Check Content

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

List the non-global zones on the system.

# zoneadm list -vi | grep -v global

List the configuration for each zone.

# zonecfg -z [zonename] info | grep dev

Check for device lines. If such a line exists and is not approved by security, this is a finding.

Fix Text

This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

The Zone Security profile is required:

Remove all device assignments from the non-global zone. 

# pfexec zonecfg -z [zone] delete device [device]