NIST just released an alpha version of Windows 7, Windows 7 Firewall, and IE8 SCAP settings under the United States Government Configuration Baseline umbrella.
(When) Can we expect to see a external site with this content? My organization will be testing these settings in the
Although the new SCAP content has not yet been tested by BigFix, you can use the SCAP Import wizard in the SCM Reporting site to import the content immediately. I can not comment at this time when there will be an external site, but as a stopgap measure you could use this.
I too have users who are interested in when this the NIST setting standards for Win7, Win7Firewall and IE8 will be available for use. Please let us know if there is an estimated time on when they’ll be available. Thanks!
NIST has made USGCB offical. In other words, it’s no longer alpha or beta. Sooooooo, does anyone know when or if this is going to be provided by BigFix?
We’re working on it. We plan to have a set of controls based on USGCB available for beta testing in about a month, and a fully-qualified release within a few months after that. Please contact me or your BigFix sales team if you’d like to be considered for the beta. Thanks!
We produced a set of fixlets (per my note on 10/20) based on USGCB for Win 7 and IE 8, and found tons of issues with the source in the process. We’ve been in iterative development to get them to an acceptable quality level since then. Unfortunately, the “automation” part of SCAP still has a ways to go. It’s going to be a little while yet before we can release this set of fixlets. Thanks for your patience.
hey, 3 months later … any word on a release date for this?
I need to impliment this within the next couple of weeks and this would save me a LOT of work if this is ready … even in an alpha or beta form. All I need right now is the assessment and reporting, remediation can wait for me.
Now available: several new security configuration management checklists for Tivoli Endpoint Manager for Security and Compliance. The new checklists, based on guidance provided by NIST through the United States Government Configuration Baseline (USGCB), are:
USGCB Checklist for Internet Explorer 8
USGCB Checklist for Windows 7 Energy
USGCB Checklist for Windows 7 Firewall
The fourth checklist - USGCB Checklist for Windows 7 - is still in development. (In the meantime, you may chose to use the DISA STIG for Windows 7 site.)
Each of these content sites contain security configuration checks that evaluate and, if desired, remediate the security settings of your endpoints according the USGCB configuration baselines designed “to improve and maintain effective configuration settings focusing primarily on security” (http://usgcb.nist.gov/). As with most of the existing SCM content in the Tivoli Endpoint Manager for Security and Compliance library, most checks include a corresponding analysis property to report actual values (not just pass/fail), and most checks have a parameterized setting enabling simple customization for compliance evaluation and remediation.
In addition to the new sites, the following existing sites have been updated to be compatible with the new content:
SCM Reporting
BES Support
ACTIONS FOR CUSTOMERS
All customers that currently license the Tivoli Endpoint Manager for Security and Compliance product, the BigFix SCMv3 solution module, the BigFix SCVM solution pack, or the BigFix SLM+SCVM solution bundle are entitled to the new content. If you are using BES 8.0 or Tivoli Endpoint Manager 8.1 and you are entitled to the new content, you may use the License Overview dashboard to enable and gather the sites. If you are running BES 7.x and you are currently licensed for Tivoli Endpoint Manager for Security and Compliance, BigFix SCVM, BigFix SLM+SCVM, or BigFix SCM v3, please contact ibmtemlicensing@lotus.com for access to the new mastheads.
The final checklist in the USGCB for Win 7 set – USGCB Checklist for Windows 7 – was propagated today. If you are properly entitled, you’ll now see this checklist in your BigFix Management > License Overview dashboard in your console.
This site implements the USGCB guidance for the core Windows 7 OS security checks, includes remediation, measured values analysis properties, and in-line check parameterization. In addition, it’s fully compatible with the new Security and Compliance Analytics reporting component. Enjoy!