During a review of Solaris controls, we identified four CIDs that have not been converted from "integer" data type to "list string" data type. The current "integer" data type does not allow you to modify the umask value with a leading "0" (i.e., 067). The following controls will be converted on July 15:
3371 Status of the 'UMASK' setting in '/etc/profile'
3372 Status of the 'UMASK' setting in '/etc/default/login'
3374 Permissions set for the 'UMASK' setting in the '/etc/.login' directory
3589 Status of the 'defumask' setting in the '/etc/ftpd/ftpaccess' file
After the conversion, the default value will be "umask 077". This value will also be the expected value in your policies. If you modified your expected value from the default value of "077", you will need to update your policies. For example, if your expected value is "277", your new expected value should be updated to "umask 277". Since these values are now "list string" data type, you can also use regular expressions in the expected values.