[BESAdmin-Announcements] Subject: Announcing the Beta Release: Universal Checklist for Windows Server

[Announcements for BES Administrators]

Hello BigFix Community,

We are excited to announce the beta release of the new Universal Checklist
for Windows Server, the first stage of a major initiative to simplify and
streamline compliance management in BigFix.

This is the first release from our new *Universal Checklist initiative*, a
project designed to simplify compliance management by creating single,
platform-specific checklists that work across all supported OS versions.
This initiative will ultimately reduce complexity and improve performance
across your entire environment.

This first stage is focused specifically on Windows Server, and here’s what
it means for you today
*What is the Universal Checklist for Windows Server?*

The Universal Checklist for Windows Server is a consolidated checklist
designed to assess general purpose compliance across all supported Windows
Server versions, from Windows Server 2016 to 2025.

The initial beta release is a collection of all the checks from CIS and
DISA benchmarks for all the supported Windows Servers. It allows you to
enforce security configurations across your entire Windows Server
environment with a single action.
*Technical Snapshot* *Total Fixlets: *508 *Fixlets with Remediation:
*493 *Parameterized
Fixlets : *361 *Benchmark Sources: *CIS and DISA STIGs *Applies To: *Windows
Server 2016, 2019, 2022, 2025 *Key Benefits in This Beta Release*

●       *Simplified Workflow*: Instead of selecting and managing multiple
checklists for different OS versions (e.g., for 2016, 2019, 2022, 2025),
you can now deploy a single universal checklist to scan all your Windows
Server endpoints. This new model eliminates the need to manually identify,
enable, and run multiple OS-specific checklists, significantly cutting down
on configuration time

●       *Version-aware applicability*: The checklist uses version-aware
applicability logic, ensuring checks only apply to relevant OS versions.
*What's Changing* *●*      *A Single Checklist Model: *You will now manage
and deploy one checklist for the entire Windows Server platform, rather
than one for each OS version and Benchmark. *What Stays the Same* *●*
    *Custom
Checklist Creation: *Your workflow for creating custom checklists is not
changing. You can still use the "Create Custom Checklist" wizard with the
content from this new Universal Checklist.

●       *Parameterization*: The ability to parameterize checks, where
applicable, remains unchanged from the existing process.
*●*       *Checklist-Level Reporting: *For this beta phase, you will find
the compliance score for the Universal Checklist in the same location as
your other checklists SCA > Reports > Checklists section. or you can access
the same data by running the existing compliance reports in Web Reports
(https://<bigfix_server_name>:8083/webreports)

*Note:** It is important to note that this report shows the overall
compliance for the general-purpose Universal Checklist itself and is not a
substitute for a benchmark-specific (e.g., CIS or DISA) report.*
*●*       *Availability of Individual CIS/DISA Checklists: *This Universal
Checklist is for general-purpose use. To generate specific CIS or DISA
compliance reports, you must continue to use the individual CIS and DISA
checklists, which will still be delivered through the existing method. *How
to Get Started*

The Universal Checklist for Windows Server (Beta) is available now. To get
started, please subscribe to the content from the [Universal Checklist for
Windows Server] external site and deploy it to your desired endpoints.

To get started:

1. Enable and gather the Universal Checklist for Windows Server external
site from the License Overview Dashboard.

2. Create a custom site using Create Custom Checks wizard.

3. Change the default parameters if required.

4. Run and schedule the “Deploy and Run" Task periodically.

5. If you use custom sites, update your custom sites accordingly to use the
latest content. You can synchronize your content by using the Synchronize
Custom Checks wizard. For more information, see
<https://help.hcltechsw.com/bigfix/11.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html>Using
the Synchronize Custom Checks wizard
<https://help.hcltechsw.com/bigfix/11.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html>

6. Subscribe all the relevant Windows Server (2016/2019/2022/2025)
endpoints.

7. Run SCA import to get the compliance status reports.


*We Need Your Feedback*

As this is a beta release, your feedback is crucial. Please share your
experience, report any issues, and provide suggestions in this forum thread
to help us prepare for the general availability release.
*What’s Next?*

This is just the beginning! Future stages of the Universal Checklist
initiative will include:

●       Expansion to other platforms like Windows Workstations, macOS, and
multiple Linux distributions.

●       The Universal Checklist will introduce advanced framework-specific
mapping for standards like CIS, DISA, PCI DSS, HIPAA, and others, enabling
capabilities including:

○       Framework-specific scoring

○       Drill-down by Fixlet, device, and group

○       Historical trend analysis

○       Exportable audit reports



Thank you for your continued support and participation.

*– The BigFix Compliance team*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20250917/fac16f34/attachment.html>