[BESAdmin-Announcements] BigFix Compliance: Updated CIS Checklist for AIX 7.x, published 2025-09-17

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Thu Sep 18 06:45:16 PDT 2025 

*Product:*
BigFix Compliance

*Title:*
Updated CIS Checklist for AIX 7.x to support a more recent version of the
benchmark

*Security Benchmark:*
CIS IBM AIX 7 Benchmark, v1.1.0

*Published Sites:*
CIS Checklist for AIX 7.x, site version 6
(The site version is provided for air-gap customers.)

*Details:*

   - Total New Fixlets: 12
   - Total Updated Fixlets: 9
   - Total Fixlets in Site: 213


*New Fixlets**:*
cis-4.1.1.1 - Ensure access on root user smit.log is configured
cis-1.3.3.2 - Ensure SSH client and server packages are installed on AIX 7.2
cis-3.5 - Ensure there are no group staff writable files
cis-4.2.8 - Ensure snmpd is not installed
cis-4.3.1.6 - Ensure snapp is not installed
cis-4.3.1.7 - Ensure NIM master is not installed
cis-4.3.2.2 - Ensure dhcp client services are not in use
cis-4.4.1.6 - Ensure access by root over nfs is disabled or blocked
cis-4.7.6 - Ensure TMOUT is configured
cis-4.7.7 - Unattended terminal session timeout is 900 seconds (or less) –
readonly
cis-5.2.6 - Ensure password expiration is configured
cis-5.2.10 - Ensure number of characters changed in new password is
configured

*Updated Fixlets:*
cis-2.5 - Ensure Unauthorized Applications are reported
cis-4.1.2.5 - Ensure access to /etc/security is configured
cis-4.4.1.7 - Ensure secure RPC authentication is enabled
cis-4.6.1.7 - Ensure CDE screensaver lock is enabled
cis-4.6.1.8 - Ensure CDE login screen hostname is masked
cis-4.7.1 - Ensure herald is configured
cis-5.1.6 - Ensure all local user accounts have valid stanzas in
/etc/security/passwd
cis-4.6.1.11 - Ensure access to Xresources is configured
cis-4.2.7 - Ensure legacy remote daemon support is not available

·       Introduced continuous compliance for 40% of checks using BigFix
relevance

·       Both analysis and remediation checks are included

   - Some of the checks allow you to use the parameterized setting to
   enable customization for compliance evaluation. Note that parameterization
   and remediation actions require the creation of a custom site.

*Actions to take:*

●       To subscribe to the above site, you can use the License Overview
Dashboard to enable and gather the site. Note that you must be entitled to
the BigFix Compliance product, and you must be using BigFix version 10 and
later.

●       If you use custom sites, update your custom sites accordingly to
use the latest content. You can synchronize your content by using the
Synchronize Custom Checks wizard. For more information, see
https://help.hcl-software.com/bigfix/11.0/compliance/Compliance/SCM_Users_Guide/c_using_synchronize_custom_checks_wiz.html

*More information:*
To know more about the BigFix Compliance SCM checklists, please see the
following resources:

●       BigFix Forum:
https://forum.bigfix.com/c/release-announcements/compliance

●       BigFix Compliance SCM Checklists:
https://bigfix-wiki.hcltechsw.com/wikis/home?lang=en-us#!/wiki/BigFix%20Wiki/page/SCM%20Checklists
We hope you find this latest release of SCM content useful and effective.
Thank you!
*– The BigFix Compliance team*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20250918/be4750d1/attachment.html>

More information about the Besadmin-announcements mailing list