[BESAdmin-Announcements] IBM BigFix Compliance UPDATE: DISA STIG Checklist for Windows 2008 DC (site version 22), DISA STIG Checklist for Windows 2008 R2 DC (site version 22), CIS Checklist for Windows 2012 DC (site version 3), CIS Checklist for Windows 2012 R2 DC (site version 7) published 2017-03-01

Wed Mar 1 22:36:11 PST 2017

Product:
IBM BigFix Compliance 

Title: 
Updated Security Configuration Management (SCM) DISA STIG Checklist for 
Windows 2008 DC, DISA STIG Checklist for Windows 2008 R2 DC, CIS Checklist 
for Windows 2012 DC, CIS Checklist for Windows 2012 R2 DC sites

Security Benchmarks:
DISA Microsoft Windows 2008 DC STIG Benchmark, V6, R33
DISA Microsoft Windows 2008 R2 DC STIG Benchmark, V1, R19
CIS Microsoft Windows Server 2012 (non-R2) DC Benchmark, V2.0.0
CIS Microsoft Windows Server 2012 R2 DC Benchmark, V2.2.0

Published Sites:
DISA STIG Checklist for Windows 2008 DC, site version 22
DISA STIG Checklist for Windows 2008 R2 DC, site version 22
CIS Checklist for Windows 2012 DC, site version 3
CIS Checklist for Windows 2012 R2 DC, site version 7 
 (The site versions are provided for air-gap customers.)

Release Notes:
Changelist:
Fixed and improved the implementations for the following checks:

1.      For the above mentioned DISA sites:

·       For Rule "Reversible password encryption will be disabled", we 
fixed it by verifying that PDC settings are now reflected on DC and 
results are not set to none.

·       For Rule "The built-in Windows password complexity policy must be 
enabled", we fixed it by verifying that PDC settings are now reflected on 
DC and results are not set to none.

2.      For the above mentioned CIS sites:

·       For Rule "Ensure 'Store passwords using reversible encryption' is 
set to 'Disabled'?, we fixed it by verifying that PDC settings are now 
reflected on DC and results are not set to none.

·       For Rule "Ensure 'Password must meet complexity requirements' is 
set to 'Enabled'", we fixed it by verifying that PDC settings are now 
reflected on DC and results are not set to none.

Actions to take:
·       If you are already subscribed to this site, no action is needed.
·       To subscribe to the above sites, you can use the License Overview 
Dashboard to enable and gather the sites. Note that you must be entitled 
to the BigFix Compliance product and you must be using IBM BigFix version 
9.2 and later. 

Details:
·       Both analysis and remediation checks are included
·       Some of the checks allow you to use the parameterized setting to 
enable customization for compliance evaluation. Note that parameterization 
and remediation actions require the creation of a custom site. 

To know more about IBM BigFix Compliance SCM checklists, please see
·       IBM Developer Works: 
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists 

·       IBM Blog for Checklist Release Announcement: 
https://www.ibm.com/developerworks/community/groups/service/html/community/updates?communityUuid=a1a33778-88b7-452a-9133-c955812f8910&filter=all 

·       BigFix forums: 
https://forum.bigfix.com/c/release-announcements/compliance 

We hope you find this latest release of SCM content useful and effective. 
Thank you!

-- The IBM BigFix Compliance team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20170302/9f3dac6b/attachment.html>