Announcing the Beta Release: Universal Checklist for Windows Server

Release Announcements Compliance (Release Announcements)
1

Subject: Announcing the Beta Release: Universal Checklist for Windows Server

Hello BigFix Community,

We are excited to announce the beta release of the new Universal Checklist for Windows Server, the first stage of a major initiative to simplify and streamline compliance management in BigFix.

This is the first release from our new Universal Checklist initiative, a project designed to simplify compliance management by creating single, platform-specific checklists that work across all supported OS versions. This initiative will ultimately reduce complexity and improve performance across your entire environment.

This first stage is focused specifically on Windows Server, and here’s what it means for you today

What is the Universal Checklist for Windows Server?

The Universal Checklist for Windows Server is a consolidated checklist designed to assess general purpose compliance across all supported Windows Server versions, from Windows Server 2016 to 2025.

The initial beta release is a collection of all the checks from CIS and DISA benchmarks for all the supported Windows Servers. It allows you to enforce security configurations across your entire Windows Server environment with a single action.

Technical Snapshot

Total Fixlets: 508

Fixlets with Remediation: 493

Parameterized Fixlets : 361

Benchmark Sources: CIS and DISA STIGs

Applies To: Windows Server 2016, 2019, 2022, 2025

Key Benefits in This Beta Release

â—Ź Simplified Workflow: Instead of selecting and managing multiple checklists for different OS versions (e.g., for 2016, 2019, 2022, 2025), you can now deploy a single universal checklist to scan all your Windows Server endpoints. This new model eliminates the need to manually identify, enable, and run multiple OS-specific checklists, significantly cutting down on configuration time

â—Ź Version-aware applicability: The checklist uses version-aware applicability logic, ensuring checks only apply to relevant OS versions.

What’s Changing

â—Ź A Single Checklist Model: You will now manage and deploy one checklist for the entire Windows Server platform, rather than one for each OS version and Benchmark.

What Stays the Same

● Custom Checklist Creation: Your workflow for creating custom checklists is not changing. You can still use the “Create Custom Checklist” wizard with the content from this new Universal Checklist.

â—Ź Parameterization: The ability to parameterize checks, where applicable, remains unchanged from the existing process.

â—Ź Checklist-Level Reporting: For this beta phase, you will find the compliance score for the Universal Checklist in the same location as your other checklists SCA > Reports > Checklists section. or you can access the same data by running the existing compliance reports in Web Reports (https://<bigfix_server_name>:8083/webreports)

Note: It is important to note that this report shows the overall compliance for the general-purpose Universal Checklist itself and is not a substitute for a benchmark-specific (e.g., CIS or DISA) report.

â—Ź Availability of Individual CIS/DISA Checklists: This Universal Checklist is for general-purpose use. To generate specific CIS or DISA compliance reports, you must continue to use the individual CIS and DISA checklists, which will still be delivered through the existing method.

How to Get Started

The Universal Checklist for Windows Server (Beta) is available now. To get started, please subscribe to the content from the [Universal Checklist for Windows Server] external site and deploy it to your desired endpoints.

To get started:

  1. Enable and gather the Universal Checklist for Windows Server external site from the License Overview Dashboard.

  2. Create a custom site using Create Custom Checks wizard.

  3. Change the default parameters if required.

  4. Run and schedule the “Deploy and Run" Task periodically.

  5. If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see Using the Synchronize Custom Checks wizard

  6. Subscribe all the relevant Windows Server (2016/2019/2022/2025) endpoints.

  7. Run SCA import to get the compliance status reports.

We Need Your Feedback

As this is a beta release, your feedback is crucial. Please share your experience, report any issues, and provide suggestions in this forum thread to help us prepare for the general availability release.

What’s Next?

This is just the beginning! Future stages of the Universal Checklist initiative will include:

â—Ź Expansion to other platforms like Windows Workstations, macOS, and multiple Linux distributions.

â—Ź The Universal Checklist will introduce advanced framework-specific mapping for standards like CIS, DISA, PCI DSS, HIPAA, and others, enabling capabilities including:

â—‹ Framework-specific scoring

â—‹ Drill-down by Fixlet, device, and group

â—‹ Historical trend analysis

â—‹ Exportable audit reports

Thank you for your continued support and participation.

– The BigFix Compliance team

3 Likes