[BESAdmin-Announcements] IBM BigFix Compliance: Updated CIS Checklist for Microsoft Windows 7, CIS Checklist for Windows 10, CIS Checklist for Windows 2012 R2 MS, CIS Checklist for Windows 2016 MS, CIS Checklist for Windows 2008 R2 MS published 2018-08-14

Wed Aug 15 11:43:31 PDT 2018

*Product: *
IBM BigFix Compliance

*Title: *
Updated CIS Checklist for Microsoft Windows 7, CIS Checklist for Windows 10,
 CIS Checklist for Windows 2012 R2 MS, CIS Checklist for Windows 2016 MS, CIS
Checklist for Windows 2008 R2 MS to fix bugs.

*Security Benchmarks: *
CIS Microsoft Windows 7 Benchmark, v3.0.0

CIS Microsoft Windows 10 Enterprise Release 1703 Benchmark, v1.3.0

CIS Microsoft Windows Server 2012 R2 Benchmark, v2.2.0

CIS Microsoft Windows Server 2016 RTM (Release 1607) Benchmark, v1.0.0

CIS Microsoft Windows Server 2008 R2 Benchmark, v3.0.0

*Published Sites: *
CIS Checklist for Windows 7 site version 10

CIS Checklist for Windows 10 site version 7

CIS Checklist for Windows 2012 R2 MS site version 7

CIS Checklist for Windows 2016 MS site version 2

CIS Checklist for Windows 2008 R2 MS site version 6
*(The site version is provided for air-gap customers.)*

*Details:*

Fixed and improved implementation for the following checks:

·      xccdf_org.cisecurity.benchmarks_rule_19.5.1.1_L1_
Ensure_Turn_off_toast_notifications_on_the_lock_screen_is_set_to_Enabled.

·      xccdf_org.cisecurity.benchmarks_rule_19.1.3.4_L1_
Ensure_Screen_saver_timeout_is_set_to_Enabled_900_seconds_or_fewer_but_not_0

·      xccdf_org.cisecurity.benchmarks_rule_19.7.26.1_L1_
Ensure_Prevent_users_from_sharing_files_within_their_
profile._is_set_to_Enabled.

·      xccdf_org.cisecurity.benchmarks_rule_19.1.3.3_L1_
Ensure_Password_protect_the_screen_saver_is_set_to_Enabled

·      xccdf_org.cisecurity.benchmarks_rule_19.7.4.2_L1_
Ensure_Notify_antivirus_programs_when_opening_attachments_is_set_to_Enabled

·      xccdf_org.cisecurity.benchmarks_rule_19.1.3.2_L1_
Ensure_Force_specific_screen_saver_Screen_saver_executable_
name_is_set_to_Enabled_scrnsave.scr

·      xccdf_org.cisecurity.benchmarks_rule_19.1.3.1_L1_
Ensure_Enable_screen_saver_is_set_to_Enabled

·      xccdf_org.cisecurity.benchmarks_rule_19.7.4.1_L1_
Ensure_Do_not_preserve_zone_information_in_file_
attachments_is_set_to_Disabled

·      xccdf_org.cisecurity.benchmarks_rule_19.7.39.1_L1_
Ensure_Always_install_with_elevated_privileges_is_set_to_Disabled

The relevance is fixed to check only interactively logged on users instead
of matching all SIDs under HKU. The SID’s that don't log in interactively
are excluded.

*Actions to take:*

·       To subscribe to the above site, you can use the License Overview
Dashboard to enable and gather the site. Note that you must be entitled to
the BigFix Compliance product and you must be using IBM BigFix version 9.2
and later.

·       If you use custom sites, update your custom sites accordingly to
use the latest content. You can synchronize your content by using the
Synchronize Custom Checks wizard. For more information, see
https://ibm.biz/Bd4LBt.

*More information: *
To know more about the IBM BigFix Compliance SCM checklists, please see the
following resources:

·       IBM Developer Works:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/
Tivoli%20Endpoint%20Manager/page/SCM%20Checklists

·       IBM BigFix Blog:
https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-
c955812f8910?lang=en

·       IBM BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance

We hope you find this latest release of SCM content useful and effective.
Thank you!

* -- The IBM BigFix Compliance team*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20180815/614026ef/attachment.html>