Sun Ray 4 Security Checklist Version 1 Release 2 Checklist Details


Target / CPE Name:

  • Oracle Sun Ray Software 4.0: cpe:/a:oracle:sun_ray_software:4.0
  • Oracle Sun Ray Software 5.2: cpe:/a:oracle:sun_ray_software:5.2
  • Oracle Sun Ray Virtual Display Client 2: cpe:/h:oracle:sun_ray_virtual_display_client:2
  • Oracle Sun Ray Virtual Display Client 270: cpe:/h:oracle:sun_ray_virtual_display_client:270
  • Oracle Sun Ray Virtual Display Client 3: cpe:/h:oracle:sun_ray_virtual_display_client:3
  • Oracle Sun Ray Virtual Display Client 3 Plus: cpe:/h:oracle:sun_ray_virtual_display_client:3_plus
  • Oracle Sun Ray Virtual Display Client 3i: cpe:/h:oracle:sun_ray_virtual_display_client:3i

Checklist Highlights

Checklist Name:
Sun Ray 4 Security Checklist
Checklist ID:
Version 1 Release 2
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

The Sun Ray Server Checklist will be used when reviewing the Sun Ray Servers and Desktop Units. The Sun Ray solution enables users to perform tasks remotely on a server. This architecture places all the applications and data on the servers, where the data is more secure than on a traditional laptop or desktop computer. In contrast to other client-server models, which typically utilize combinations of remote and local operating systems, applications, memory, and storage, the Sun Ray computing model moves all computing to a server. Instead of storing data and doing computation on the desktop, the Sun Ray model simply passes input and output data between Sun Ray Desktop Units and the Sun Ray server, where the operating system and applications are located.

Checklist Role:

  • Client / Server

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive 8500.1 and DoDI 8500.2


The requirements to perform a Sun Ray Server SRR are as follows:

  • Sun Ray Server SRR Checklist - A comprehensive list of checks that provide step-by-step procedures on performing a Sun Ray Server SRR. The checklist may be downloaded from the IASE web site located at or the DKO website located at
  • User access to the Vulnerability Management System (VMS) which is located at
  • The review team conducting the Sun Ray SRR will need the following personnel to review all the components:
      1. A UNIX reviewer to perform a UNIX SRR on the Solaris/Linux Sun Ray Server.
      2. An application reviewer to perform an application services security review on Apache Tomcat located on the Sun Ray Server.
      3. A network reviewer to review the Sun Ray network infrastructure. A network review should be conducted since the Sun Ray system relies upon this component for functionality.
      4. A traditional reviewer to review the physical security. A traditional review should be conducted to ensure the physical security is in compliance since all the data will be located in one central location.



Product Support:

Not provided.

Point of Contact:


Not provided.



Change History:

Changed status from "Under Review" to "Final" - 03 June 2015
Version 1, Release 1.1 - 26 March 2009
Updated "Point of Contact" - 15 January 2015
Updated URL to reflect change to the DISA website - http --> https
Retired by DISA - 5/16/2018


URL Description Sun Ray 4 Security Checklist Release Memo



NIST checklist record last modified on 05/16/2018