(imported topic written by GreenEagleLeader)
Please advise the ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?
Thank you.
(imported comment written by cstoneba)
DISA STIG 2012?? I don’t even see the CIS Checklist for Win2008R2 yet…
(imported comment written by Shivani_S)
The CIS Checklist for Windows 2008 DC & MS is a combined checklist of 2008 RTM & R2. This is how CIS wrote their content for release versions 1.0.0, 1.1.0, and 1.2.0. This is what we provide in IEM Security and Compliance.
CIS recently released (Dec '13) v2.1.0 of a CIS Windows 2008 R2 checklist ---- they decided to break it into it’s own checklist now. The content in this new checklist is identical to thse checks in the previous “combined” checklist except that they have included 32 additional scorable checks. Currently v2.1.0 is in a prose guide format (manual pdf/word doc.) CIS is currently working on an XML/XCCDF (automatable) version of the CIS Windows 2008 R2 which they plan to release beginning of this year.
(imported comment written by cstoneba)
but why so long of a delay to release the checklists by IBM for the CIS 2012 checklist? Version 1.0.0 was released nearly a year ago (
Fri Feb 1 00:44:45 2013)
(imported comment written by RichCea)
You are correct that CIS content for Win Server 2012 was first released in February however, that content was only in prose and was not something we could import. Because of the number of platforms we support we mostly rely on the machine readable content and for 2012 this was released in September. Even with automation however manual updates are required and increase our turnaround time. This is something we’re very focused on improving. Our dev team made significant tool and automation progress last year with more to come this quarter so you can expect to see out turnaround times improve. In addition, we’ll be publishing near term target dates to aid in planning starting later this quarter.
(imported comment written by StefanoBelluomini)
Annnnndddd it’s now September 2014… and we are STILL waiting… 9 months later.
Still no STIGS for 2012 / 2012R2 for MS or DC.
I have raised a PMR about this.
This is unacceptable, support.
(imported comment written by RichCea)
Hi Stefano, the DISA Win 2012 content is in the final stages of dev/test and will be available later this month.
(imported comment written by StefanoBelluomini)
Hi RichCea,
Does this include 2012 R2 or simply 2012? Also, this conflicts with the official response that I got from IBM support saying that there is no ETA on this request at all…
So here we are, with a product we pay for, currently still thinking that 2008R2 is the latest OS from Microsoft with vulnerabilities…
This is really disappointing.
(imported comment written by RichCea)
Hi Stefano. The DISA 2012 R2 content will be the first to be released immediately followed by the DISA 2012 MS content (not R2). Both will be available later this month.
We have and are making changes to address the timeliness of our content availability. I understand your frustration and disappointment. I hope that with these changes we will regain your confidence.
(imported comment written by JMaple)
Saw a October 2 release date on another page. Any updates?
Bringing this back up because I was asked about it. Is there a checklist for 2012R2 expected to be released “soon”? Considering what RichCea shared, it should already be out?
I believe it is out. If you are entitled to it you have to request a license upgrade from the console and run BESAdmin to re-issue
To confirm, the relevance of the CIS Checklist for Windows 2012 MS site says it is for 2012 and 2012R2
Hi, DISA haven’t released Checklist for Windows 2012R2 yet, however, as Alan said, DISA STIG Checklist for Windows 2012 covers Windows 2012R2 also.
I misread the DISA site. Thought they had their checklist out on that. Maybe I’ll throw out the CIS and see what sticks.
