(imported topic written by SystemAdmin)
The following updates were recently applied to SCM sites:
----AFFECTED SITES----
SCM Checklist for DISA STIG on AIX 5.1
SCM Checklist for DISA STIG on AIX 5.2
SCM Checklist for DISA STIG on AIX 5.3
SCM Checklist for DISA STIG on AIX 6.1
SCM Checklist for DISA STIG on HPUX 11.00
SCM Checklist for DISA STIG on HPUX 11.11
SCM Checklist for DISA STIG on HPUX 11.23
SCM Checklist for DISA STIG on RHEL 3
SCM Checklist for DISA STIG on RHEL 4
SCM Checklist for DISA STIG on RHEL 5
SCM Checklist for DISA STIG on Solaris 8
SCM Checklist for DISA STIG on Solaris 9
SCM Checklist for DISA STIG on Solaris 10
----CHANGES----
Each check in the DISA STIG for Unix sites now includes a corresponding analysis property that reports the actual value (aka “measured value”) of the configuration element being checked. These analysis values are useful in the new Tivoli Endpoint Manager for Security and Compliance Analytics application when examining the reason a particular computer reports compliance or non-compliance for a given check.
----AFFECTED SITES----
DISA STIG on Windows 2008 DC v6r1.11
DISA STIG on Windows 2008 MS v6r1.11
DISA STIG on Windows 2003 DC v6r1.18
DISA STIG on Windows 2003 MS v6r1.18
DISA STIG on Windows Vista v6r1.18
DISA STIG on Windows XP v6r1.18
DISA STIG on Windows 7 v1r2
----CHANGES----
The following fixes were applied:
- Several file names referenced by several checks in the DISA STIG for XP site were misspelled. (ref 41379)
- Several log file path names referenced by several checks in the DISA STIG for Windows 7 were incorrect. (ref 41320)
- Checks in multiple DISA STIG sites did not reference both x64 and x32 file paths for several files. (ref 41321)
- Remediation actions on x64 systems for several checks in multiple DISA STIG sites were not functional. (ref 41362)
----AFFECTED SITES----
SCM Checklist for FDCC on Windows XP
SCM Checklist for FDCC on Windows XP Firewall
SCM Checklist for FDCC on Windows Vista
SCM Checklist for FDCC on Windows Vista Firewall
SCM Checklist for FDCC on Internet Explorer 7
----CHANGES----
- ALL FIXLETS - Metadata has been updated in all fixlets and tasks to support the Tivoli Endpoint Manager for Security and Compliance Analytics component.
- Multiple fixlets - some relevance has been added or modified in part due to recent changes in OVAL (used in the source guidance files from NIST) and in part to help determine applicability for more accurate compliance evaluation reported through Tivoli Endpoint Manager for Security and Compliance Analytics.
- SCM Checklist for FDCC on Windows XP - Fixlet ID: 9000 Security Patches Up-To-Date – Updated to reflect the SCAP-expressed data stream updated by NIST on 02.22.2011.
- SCM Checklist for FDCC on Internet Explorer 7 - Fixlet ID: 9000 Security Patches Up-to-Date – Updated to reflect the SCAP-expressed data stream updated by NIST on 02.22.2011.
- SCM Checklist for FDCC on Windows Vista - Fixlet ID: 9000 Security Patches Up-to-Date – Updated to reflect the SCAP-expressed data stream updated by NIST on 02.22.2011.
----AFFECTED SITES----
SCM Reporting
----CHANGES----
- A new wizard – the Create Custom Checklist Wizard – is available in the Security Configuration domain under the Configuration Management Checklist Tools folder. The new wizard provides an easy way to copy an entire SCM checklist from an externally-gathered site to a custom site where it can be parameterized and otherwise modified.
- Certain functions in the SCM Management Report Template were broken by a recent propagation of the site. This error has been corrected. (ref 41247)
----ACTIONS TO TAKE----
All customers that currently license the Tivoli Endpoint Manager for Security and Compliance product, the BigFix SCMv3 solution module, the BigFix SCVM solution pack, or the BigFix SLM+SCVM solution bundle may gather these content updates. Administrators are encouraged to verify open actions as necessary. If you are using custom sites based on the affected content, you will need to manually update the content in those sites with the corresponding content from the external sites.