IBM BigFix Compliance UPDATE: DISA STIG Checklist for Windows 2008 DC, DISA STIG Checklist for Windows 2008 R2 DC, CIS Checklist for Windows 2012 DC, CIS Checklist for Windows 2012 R2 DC published 2017-03-01

Product:
IBM BigFix Compliance

Title:
Updated Security Configuration Management (SCM) DISA STIG Checklist for Windows 2008 DC, DISA STIG Checklist for Windows 2008 R2 DC, CIS Checklist for Windows 2012 DC, CIS Checklist for Windows 2012 R2 DC sites

Security Benchmarks:
DISA Microsoft Windows 2008 DC STIG Benchmark, V6, R33
DISA Microsoft Windows 2008 R2 DC STIG Benchmark, V1, R19
CIS Microsoft Windows Server 2012 (non-R2) DC Benchmark, V2.0.0
CIS Microsoft Windows Server 2012 R2 DC Benchmark, V2.2.0

Published Sites:
DISA STIG Checklist for Windows 2008 DC, site version 22
DISA STIG Checklist for Windows 2008 R2 DC, site version 22
CIS Checklist for Windows 2012 DC, site version 3
CIS Checklist for Windows 2012 R2 DC, site version 7
(The site version is provided for air-gap customers.)

Release Notes:
Changelist:
Fixed and improved the implementation for the following checks:

  1. For the above DISA sites:

*Reversible password encryption will be disabled, by verifying that PDC settings are now reflected on DC and results are no set to none.
*The built-in Windows password complexity policy must be enabled, by verifying that PDC settings are now reflected on DC and results are not set to none.

  1. For the above CIS sites:

*Ensure ‘Store passwords using reversible encryption’ is set to ‘Disabled’”, by verifying that PDC settings are now reflected on DC and results are not set to none.

*Ensure ‘Password must meet complexity requirements’ is set to ‘Enabled’", by verifying that PDC settings are now reflected on DC and results are not set to none.

Actions to take:
• If you are already subscribed to this site, no action is needed.
• To subscribe to the above sites, you can use the License Overview Dashboard to enable and gather the sites. Note that you must be entitled to the BigFix Compliance product and you must be using IBM BigFix version 9.2 and later.

Details:
• Both analysis and remediation checks are included
• Some of the checks allow you to use the parameterized setting to enable customization for compliance evaluation. Note that parameterization and remediation actions require the creation of a custom site.

To know more about IBM BigFix Compliance SCM checklists, please see

• IBM Developer Works: https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists
• IBM Blog for Checklist Release Announcement: https://www.ibm.com/developerworks/community/groups/service/html/community/updates?communityUuid=a1a33778-88b7-452a-9133-c955812f8910&filter=all
• BigFix forums: https://forum.bigfix.com/c/release-announcements/compliance

We hope you find this latest release of SCM content useful and effective. Thank you!
– The IBM BigFix Compliance team