(imported topic written by pmerlin91)
Hi,
We’re planning to use healthcheck on TEM with SCM reporting.
Is there a big difference between these 2 sites:
DISA STIG for OS
SCM Checklist for DISA STIG for OS
some OS only have DISA STIG, others only SCM for DISA STIG, others both …
Could someone tell me which is the best ? i would guess the one with SCM to use SCM …
(imported comment written by pmerlin91)
I found this:
DISA STIG Checklist for SUSE 10 -
Uses the new model for in-line fixlet parameterization. The minimum version of the Tivoli Endpoint Manager client on all endpoints to run the new content: 8.1.551.0.
SCM Checklist for DISA STIG on SUSE 10 -
Uses the original model for script parameterization. The minimum version of the BigFix or TEM client on all endpoints to run the new content: 7.x
So DISA STIG should be more up to date …
(imported comment written by NoahSalzman)
Not “more up to date” but rather “a more modern way of dealing with parameters”.
(imported comment written by SystemAdmin)
Adding a bit of color to Noah’s comment: both sites are based on the current DISA guidance and include the same checks. We’ll maintain both for a while.
However, "DISA STIG Checklist for " sites use a self-parameterization model – each appropriate check/fixlet has a form on its Description tab that allows you to set the parameters for that specific fixlet. This model provides greater usability and consistency in how you control your deployment and is generally the direction for all SCM sites.
On the other hand, in "SCM Checklist for DISA STIG on " sites, each appropriate check/fixlet has a corresponding task that you run to set the parameters for the fixlet. This model provides more flexibility in how you manage the settings of your checks and enables more complex customization of the fixlets than the newer model.
Sorry for the name similarities…we know it’s confusing.