[BESAdmin-Announcements] Enhanced Security for SCM Middleware and Unix Checklists
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Fri May 30 08:17:05 PDT 2025
Product:
BigFix Compliance
Title:
Enhanced Security for SCM Middleware and Unix Checklists
At BigFix, we continuously invest in strengthening the security,
consistency, and reliability of our platform. As part of this ongoing
initiative, we’ve introduced key enhancements to the security of SCM
Middleware and Unix checklists, along with improvements that promote more
consistent compliance assessments and simplify the management of checklist
content.
What’s New?
- We have introduced a more secure content delivery model for Middleware
and Unix checklists.
- With this enhancement, when the Environment Setup task Action is
executed, it will securely download a sqlite_detect.db file from the
external site - only after verifying the file’s integrity through a hash
and SHA-256 checksum. This file contains all relevant detect scripts.
- Using relevance, the agent will retrieve the IDs of all fixlets in
the current checklist, extract the corresponding detect scripts for each
ID, and then execute them sequentially on the endpoint.
- We added Desired Values for all checks across the checklists listed
in the tables below.
- The Synchronize Custom Checks wizard is now supported for Unix and
Middleware checklists.
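Added example (not BigFix code and not part of the original announcement): the verify-then-extract flow described above, in Python. The table name detect_scripts, its columns, the function names and the sample scripts are assumptions; the announcement does not publish the schema of sqlite_detect.db.

```python
import hashlib
import sqlite3
from pathlib import Path


def sha256_file(path):
    """Stream the file through SHA-256 so a large database is not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_detect_scripts(db_path, expected_sha256, fixlet_ids):
    """Return [(fixlet_id, script)] in the order of fixlet_ids.

    The database is opened only after its digest matches, and then read-only.
    Table and column names are hypothetical, not the real BigFix schema.
    """
    if sha256_file(db_path) != expected_sha256.strip().lower():
        raise ValueError("sqlite_detect.db failed SHA-256 verification")
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        scripts = []
        for fixlet_id in fixlet_ids:
            row = con.execute(
                "SELECT script FROM detect_scripts WHERE fixlet_id = ?",
                (fixlet_id,),
            ).fetchone()
            if row is None:
                raise KeyError(f"no detect script for fixlet {fixlet_id}")
            scripts.append((fixlet_id, row[0]))
        return scripts
    finally:
        con.close()


def build_sample_db(path):
    """Create a constructed stand-in for sqlite_detect.db (sample data only)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE detect_scripts (fixlet_id INTEGER PRIMARY KEY, script TEXT)")
    con.executemany(
        "INSERT INTO detect_scripts VALUES (?, ?)",
        [(101, "#!/bin/sh\n# constructed check A\n"), (102, "#!/bin/sh\n# constructed check B\n")],
    )
    con.commit()
    con.close()
```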
Why This Matters
- This enhancement ensures that detect scripts are securely delivered at
runtime and are no longer persistently stored or modifiable on endpoints.
This adds an extra layer of protection by enabling compliance content to be
executed in a secure, controlled, and verifiable manner, strengthening the
reliability and trustworthiness of compliance checks across SCM Middleware
and Unix checklists.
- Inclusion of Desired Values across all checklists and support for
synchronization of Middleware and Unix checklists via the Synchronize
Custom Checks wizard help in achieving more consistent compliance
assessments and streamlined content management.
What’s Covered
This enhancement applies to the following SCM checklists:
Released Checklists
SL Number  Checklist Name                              Site Version  Platform    Published Date
1          CIS Checklist for AIX 7.x                   5             Unix        29th May 2025
2          DISA STIG Checklist for AIX 7.x             11            Unix        29th May 2025
3          CIS Checklist for Solaris 11.4              7             Unix        29th May 2025
4          CIS Checklist for Solaris 11.1              3             Unix        28th May 2025
5          DISA STIG Checklist for Solaris 11          20            Unix        28th May 2025
6          CIS Checklist for MacOS 15                  4             Unix        28th May 2025
7          CIS Checklist for MacOS 14                  9             Unix        28th May 2025
8          CIS Checklist for MacOS 13                  10            Unix        28th May 2025
9          CIS Checklist for MacOS 12                  9             Unix        28th May 2025
10         DISA STIG Checklist for MacOS 15            2             Unix        28th May 2025
11         DISA STIG Checklist for MacOS 14            5             Unix        28th May 2025
12         DISA STIG Checklist for Mac OS 13           4             Unix        28th May 2025
13         DISA STIG Checklist for Mac OS 12           7             Unix        28th May 2025
14         CIS Checklist for MS SQL Server 2016        14            Middleware  29th May 2025
15         CIS Checklist for MS SQL Server 2014        7             Middleware  29th May 2025
16         CIS Checklist for MS SQL Server 2017        11            Middleware  29th May 2025
17         CIS Checklist for MS SQL Server 2019        18            Middleware  29th May 2025
18         CIS Checklist for MS SQL Server 2022        7             Middleware  29th May 2025
19         DISA STIG Checklist for MS SQL Server 2014  6             Middleware  29th May 2025
20         DISA STIG Checklist for MS SQL Server 2016  8             Middleware  29th May 2025
To be Released Checklists
SL Number  Checklist Name                                           Site Version  Platform    Planned Release Date
21         CIS Checklist for IBM DB2 11 on Linux                                  Middleware  2nd June 2025
22         CIS Checklist for IBM DB2 11 on Windows                                Middleware  2nd June 2025
23         CIS Checklist for MS IIS 10                                            Middleware  2nd June 2025
24         DISA STIG Checklist for MS IIS 10.0                                    Middleware  2nd June 2025
25         CIS Checklist for Apache Server 2_4 on Linux                           Middleware  2nd June 2025
26         DISA STIG Checklist for Apache Server 2_4 on Windows                   Middleware  2nd June 2025
27         DISA STIG Checklist for Apache Server 2.4 on Linux                     Middleware  2nd June 2025
28         CIS Checklist for Apache Tomcat 10.1 on Linux                          Middleware  2nd June 2025
29         CIS Checklist for Apache Tomcat 10 on Linux                            Middleware  2nd June 2025
30         CIS Checklist for Apache Tomcat 9 on Linux                             Middleware  2nd June 2025
31         DISA STIG Checklist for Apache Tomcat 9 Server on Linux                Middleware  2nd June 2025
32         CIS Checklist for Oracle 19C database on Windows                       Middleware  2nd June 2025
33         DISA STIG Checklist for Oracle Database 19c on Windows                 Middleware  2nd June 2025
34         CIS Checklist for Oracle 19C database on Linux                         Middleware  2nd June 2025
35         DISA Checklist for Oracle 19C database on Linux                        Middleware  2nd June 2025
What Stays Unchanged:
- No changes to directory structures, script paths, or log file
locations.
- The way compliance is evaluated remains the same.
- No SQLite installation is required on endpoints.
Actions to take:
- To subscribe to the above site, you can use the License Overview
Dashboard to enable and gather the site. Note that you must be entitled to
the BigFix Compliance product, and you must be using BigFix version 10 and
later.
Steps: Dashboard --> License Overview --> Select and Enable Site -->
Gather Site
- If you use custom sites, please update them to incorporate the latest
content. You can do this using the Synchronize Custom Checks wizard.
Note: *During the initial synchronization, you will notice that all
checks are removed and then re-added.*
Note: *For this first synchronization, manually copy the Environment
Setup Tasks from the external site and remove the old Environment Setup
task. Starting with the next release, synchronization for these checklists
will be fully seamless.*
More information:
To know more about the BigFix Compliance SCM checklists, please see the
following resources:
- BigFix Forum
<https://forum.bigfix.com/c/release-announcements/compliance>
- BigFix Compliance SCM Checklists
<https://bigfix-wiki.hcltechsw.com/wikis/home?lang=enus#!/wiki/BigFix%20Wiki/page/SCM%20Checklists>
*– The BigFix Compliance team*