[BESAdmin-Announcements] NEW USGCB Win7 Tivoli Endpoint Manager security compliance content available! + DISA UNIX & FDCC Windows Patch Release

[Announcements for BES Administrators]

Dear BESAdmin Community,


**NEW Release**

IBM is pleased to announce the availability of the new security 
configuration management checklists for Tivoli Endpoint Manager for 
Security and Compliance. The new checklists, based on guidance provided by 
NIST through the United States Government Configuration Baseline (USGCB), 
is:

- USGCB Checklist for Windows 7

This content site provides specific OS checks in addition to the 
previously released USGCB checklists for:

- USGCB Checklist for Internet Explorer 8
- USGCB Checklist for Windows 7 Energy
- USGCB Checklist for Windows 7 Firewall
 
This content contains security configuration checks that evaluate and, if 
desired, remediate the security settings of your endpoints according the 
USGCB configuration baselines designed "to improve and maintain effective 
configuration settings focusing primarily on security" (
http://usgcb.nist.gov/). As with most of the existing SCM content in the 
Tivoli Endpoint Manager for Security and Compliance library, most checks 
include a corresponding analysis property to report actual values (not 
just pass/fail), and most checks have a parameterized setting enabling 
simple customization for compliance evaluation and remediation.

In addition to the new sites, the following existing sites have been 
updated to be compatible with the new content:
- BES Support

ACTIONS TO TAKE
All customers that currently license the Tivoli Endpoint Manager for 
Security and Compliance product, the BigFix SCMv3 solution module, the 
BigFix SCVM solution pack, or the BigFix SLM+SCVM solution bundle are 
entitled to the new content. If you are using BES 8.0 or Tivoli Endpoint 
Manager 8.1 and you are entitled to the new content, you may use the 
License Overview dashboard to enable and gather the sites. If you are 
running BES 7.x and you are currently licensed for Tivoli Endpoint Manager 
for Security and Compliance, BigFix SCVM, BigFix SLM+SCVM, or BigFix SCM 
v3, please contact ibmtemlicensing at lotus.com for access to the new 
mastheads.

**PATCH Release**

The Security and Compliance team at IBM has modified the content within 
the UNIX System checklists to enable parameterization for GEN000540a in 
the RHEL Sites:

- DISA STIG Checklist for RHEL 3
- DISA STIG Checklist for RHEL 4
- DISA STIG Checklist for RHEL 5
- SCM Checklist DISA STIG on Redhat 3
- SCM Checklist DISA STIG on Redhat 4
- SCM Checklist DISA STIG on Redhat 5



BigFix has modified the content within the FDCC Security Configuration 
Management checklist sites. 

SCM Checklist for FDCC on Windows XP
 * ID: 9000         Security Patches Up-To-Date – Updated to reflect the 
SCAP-expressed data stream updated by NIST on 7.5.2011.

SCM Checklist for FDCC on Internet Explorer 7
* ID: 9000          Security Patches Up-to-Date – Updated to reflect the 
SCAP-expressed data stream updated by NIST on 7.5.2011.
 
SCM Checklist for FDCC on Windows Vista
* ID: 9000          Security Patches Up-to-Date – Updated to reflect the 
SCAP-expressed data stream updated by NIST on 7.5.2011.

Although unlikely that baselines are being used with Security 
Configuration Management content BES administrators are encouraged to 
verify open actions and synchronize baselines that contain the modified 
content.  Instructions for synchronizing baselines can be found here: 
http://support.bigfix.com/cgi-bin/kbdirect.pl?id=401.  Please contact 
BigFix Technical Support if you have any questions regarding this change.



We hope you find this latest release of SCM content useful and effective. 
Thank you!

  -- The Tivoli Endpoint Manager for Security and Compliance product team





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20110713/e3650b04/attachment.htm