Subject: Announcing the Beta Release: Universal Checklist for Windows Workstation
Hello BigFix Community,
We are excited to announce the beta release of the new Universal Checklist for Windows Workstation, the next stage of a major initiative to simplify and streamline compliance management in BigFix.
This is the second release from our new Universal Checklist initiative, a project designed to simplify compliance management by creating single, platform-specific checklists that work across all supported OS versions. This initiative will ultimately reduce complexity and improve performance across your entire environment.
This next stage is focused specifically on Windows Workstation, and here’s what it means for you today
What is the Universal Checklist for Windows Workstation?
The Universal Checklist for Windows Workstation is a consolidated checklist designed to assess general purpose compliance across all supported Windows Workstation versions, both Windows Workstation 10 and 11.
The second beta release is a collection of all the checks from CIS and DISA benchmarks for all the supported Windows Workstations. It allows you to enforce security configurations across your entire Windows Workstation environment with a single action.
Technical Snapshot
Total Fixlets: 627
Fixlets with Remediation: 606
Parameterized Fixlets : 505
Benchmark Sources: CIS and DISA STIGs
Applies To: Windows Workstation 10 and 11
Key Benefits in This Beta Release
• Simplified Workflow: Instead of selecting and managing multiple checklists for different OS versions (e.g., for 10 and 11), you can now deploy a single universal checklist to scan all your Windows Workstation endpoints. This new model eliminates the need to manually identify, enable, and run multiple OS-specific checklists, significantly cutting down on configuration time
• Version-aware applicability: The checklist uses version-aware applicability logic, ensuring checks only apply to relevant OS versions.
What’s Changing
• A Single Checklist Model: You will now manage and deploy one checklist for the entire Windows Workstation platform, rather than one for each OS version and Benchmark.
What Stays the Same
• Custom Checklist Creation: Your workflow for creating custom checklists is not changing. You can still use the “Create Custom Checklist” wizard with the content from this new Universal Checklist.
• Parameterization: The ability to parameterize checks, where applicable, remains unchanged from the existing process.
• Checklist-Level Reporting: For this beta phase, you will find the compliance score for the Universal Checklist in the same location as your other checklists SCA > Reports > Checklists section. or you can access the same data by running the existing compliance reports in Web Reports (https://<bigfix_Workstation_name>:8083/webreports)
***Note:** It is important to note that this report shows the overall compliance for the general-purpose Universal Checklist itself and is not a substitute for a benchmark-specific (e.g., CIS or DISA) report.*
• Availability of Individual CIS/DISA Checklists: This Universal Checklist is for general-purpose use. To generate specific CIS or DISA compliance reports, you must continue to use the individual CIS and DISA checklists, which will still be delivered through the existing method.
How to Get Started
The Universal Checklist for Windows Workstation (Beta) is available now. To get started, please subscribe to the content from the [Universal Checklist for Windows Workstation] external site and deploy it to your desired endpoints.
To get started:
1. Enable and gather the Universal Checklist for Windows Workstation external site from the License Overview Dashboard.
2. Create a custom site using Create Custom Checks wizard.
3. Change the default parameters if required.
4. If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see Using the Synchronize Custom Checks wizard
5. Subscribe all the relevant Windows Workstation (10/11) endpoints.
6. Run SCA import to get the compliance status reports.
We Need Your Feedback
As this is a beta release, your feedback is crucial. Please share your experience, report any issues, and provide suggestions in this forum thread to help us prepare for the general availability release.
What’s Next?
This is just the beginning! Future stages of the Universal Checklist initiative will include:
• Expansion to other platforms like macOS, and multiple Linux distributions.
• The Universal Checklist will introduce advanced framework-specific mapping for standards like CIS, DISA, PCI DSS, HIPAA, and others, enabling capabilities including:
– Framework-specific scoring
– Drill-down by Fixlet, device, and group
– Historical trend analysis
– Exportable audit reports
Thank you for your continued support and participation.
– The BigFix Compliance team