IBM Endpoint Manager for Security and Compliance
Security Configuration Management (SCM)
IBM is pleased to announce the availability of the new security configuration management checklists for IBM Endpoint Manager for Security and Compliance. The new checklists based on guidance provided by the Defense Information Systems Agency (DISA – US DoD) are listed below, along with maintenance updates to existing DISA checklists.
In-line parameterization, requires TEM 8.1+ :
- DISA STIG Checklist for AIX 5.3 - RG03 v1
- DISA STIG Checklist for AIX 6.1 - RG03 v1
- DISA STIG Checklist for RHEL 5 - RG03 v2
- DISA STIG Checklist for Solaris 10 - RG03 v2
Action Script based parameterization:
- SCM Checklist for DISA on AIX 5.3 - RG03 v1
- SCM Checklist for DISA on AIX 6.1 - RG03 v1
- SCM Checklist for DISA on RHEL 5 - RG03 v2
- SCM Checklist for DISA on Solaris 10 - RG03 v2
* Please note:
The "RG03" suffix for the site names represents release groups. We create new release groups when the security checklists have changed significantly as to not override customers with disruptive changes to their compliance checklists.
Site versions provided for air-gap customers.
For the “Action Script based” parameterization model, each security control has a corresponding Fixlet Task that can be used to alter the check’s parameters.
For the “In-line” parameterization model, each security control contains the parameterization settings in a form directly on the Fixlet Description tab. The In-line model requires TEM 8.1 and later.
This content contains security configuration checks that evaluate and, if desired, remediate the security settings of your endpoints according the DISA standards. As with most of the existing SCM content in the Tivoli Endpoint Manager for Security and Compliance library, most checks include a corresponding analysis property to report actual values (not just pass/fail), and most checks have a parameterized setting enabling simple customization for compliance evaluation and remediation.
ACTIONS TO TAKE
All customers that currently license the Tivoli Endpoint Manager for Security and Compliance product, the BigFix SCMv3 solution module, the BigFix SCVM solution pack, or the BigFix SLM+SCVM solution bundle are entitled to the new content. If you are using BES 8.0 or Tivoli Endpoint Manager 8.1 and you are entitled to the new content, you may use the License Overview dashboard to enable and gather the sites. If you are running BES 7.x and you are currently licensed for Tivoli Endpoint Manager for Security and Compliance, BigFix SCVM, BigFix SLM+SCVM, or BigFix SCM v3, please contact firstname.lastname@example.org for access to the new mastheads.
We hope you find this latest release of SCM content useful and effective.
Senior Engineer, BigFix
IBM Cloud & Smarter Infrastructure