Added to Mac OS X checklist UT note #9 information about the Lingon graphical interface for editing launchd configuration files.

Updated checklist for Microsoft Windows 2003.

Changed wording in step 10 from "SAM Accounts and Shares" to "SAM accounts".

Updated steps 10 and 11 to reference Minimum Security Standards for Systems document section 5.5.

Updated steps 39 and 40 to reference Minimum Security Standards for Systems document sections 5.8 and 5.6, respectively.

Added text to note 8 reflecting consequences to event log reaching maximum size and new events not being logged.

Added text to note 37 regarding options for single-file/folder encryption and the availability of whole-disk encryption.

Minor grammar corrections and style updates.

Updated checklist for Red Hat Linux.

Updated Center for Internet Security Red Hat Linux Benchmark from v1.0.4 to v1.1 and associated CIS reference numbers.

Removed Step 7: Consider installing Bastille UNIX.

Added Steps 10 (Disable unused standard boot services) and 17 (Creating warning banner for GUI login).

Clarified that Step 7 refers to xinetd or inetd.

In Addendum Note 11 change "ITS Telecommunications and Networking" to "ITS Networking".

Various other minor language clarifications.

Updated checklist for Solaris 10.

Updated Center for Internet Security Solaris 10 Benchmark from v2.1.1 to v4.0 and associated CIS reference numbers.

Added Step 10: Log all failed login attempts.

Removed Steps: Confirm permissions on system log files, Prevent email server from listening on external interfaces, If host is not a logserver prevent Syslog from accepting messages from network.

Merged links to Sun Connection Update Manager in UT Note Addendum #2.

Changed text in UT Note Addendum #3 from "Sun Update Manager" to "Sun Connection Update Manager".

Added OSSEC as a free alternative to Tripwire in UT Note Addendum #31.

The term "Multifunction Printer (MFP)" has been replaced with the more common industry term "Multifunction Device (MFD)" and text and references have been updated accordingly.

Steps 3, 7, and 13 have been changed from optional for Cat-I MFDs to required. These changes were made as these steps are specific to printer functionality whereas the original minimum standards were written with servers in mind. Furthermore, each step references a specific DISA MDF section and does not place additional burden on administrators as the specified features are already available on newer models of MFDs.

Note 3 was updated to specify that sensitive MFDs should be considered for their own VLAN.

Note 13 was given updated terminology, replacing the term "wipe" with "securely erase" and changing the "additional" security kit to an "option" security kit.

Note 3: "Consider placing MFPs on their own VLAN..."

Note 13: "Some MFPs may include the ability to wipe job-related files in between jobs. Others might require an additional security kit from the manufacturer."

Updated Center for Internet Security Mac OS X Benchmark from v1.02 for Panther to v1.0 for Leopard and associated CIS reference numbers.

Created "Installation and core Mac OS X" section incorporating existing "OS Foundation" section.

Added "Account Configuration" section.

Removed step 2 regarding Bastille UNIX and step 7 regarding logcheck, as well as accompanying notes.

Added steps 6 - 7 and 11 - 17, as well as accompanying notes.

In note 10, added notations regarding ipfw GUI options and Mac OS X Leopard application based firewall and removed notation regarding Norton Personal Firewall.

In note 19, added Truecrypt as a candidate for secure storage solution.

Please see the previous version of this document.

Checklists and log moved from ITS Web site to ISO Web site and converted to HTML.

Typo referring to "Category II/II" data changed to "Category II/III" data.

Link to SANS Gold Paper on Multifunction devices added to MFP hardening checklist.

Multi-function printer checklist: Updated standard # 7 to say "Ensure the MFP maintains its configuration state after power-down or reboot. If a full reset is performed, ensure that a process is in place to reconfigure the MFP back to its production state."

Updated UT Note # 18 with the following: "When a vendor is working on the MFP, the vendor's work is monitored to ensure that security measures are not removed during the course of troubleshooting. If they are removed, they must be put back in place."

#7: "Ensure the MFP maintains its configuration state after power-down or reboot."

Note 18: New list item.

Updated various links to ITS content to reflect changes to file locations after ITS site redesign.

Changed UT Note 14 from Mac OS X checklist, UT Note 20 in Redhat-Linux, UT Note 33 in Solaris 10, and Windows 2003 UT Note 38 to reflect that ITS Software Distribution and Sales no longer carries Tripwire.

Corrected name of ITS Networking in Solaris 10 UT Note 36 and Windows 2003 UT Note 30.

"(ITS Software Distribution & Sales carries Tripwire, but the commercial version is not available for the Mac OS. There is an open source version, however.)"

"Tripwire is available from Software Distribution & Sales for a nominal charge. The Tripwire management console, which is also available from SDS for a nominal charge, can be very helpful for managing more complex installations."

"ITS Telecommunications and Networking"

Edited the checklists to reflect language consistent with the Minimum Security Standards for Systems, practice 5.7.

http://security.utexas.edu/admin/macosx.html; Step 12

http://security.utexas.edu/admin/redhat-linux.html; Step 19

http://security.utexas.edu/admin/solaris10.html; Step 32

http://security.utexas.edu/admin/win2003.html; Step 38