Latest Post - 2014-11-20T07:30:28Z by nagaraj.s
BigFixNinja
2 Posts

ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

2013-12-18T00:26:55Z

Please advise the ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

Thank you.

  • cstoneba
    4 Posts

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2013-12-18T18:37:13Z

    DISA STIG 2012?? I don't even see the CIS Checklist for Win2008R2 yet...

  • Shivani_S
    26 Posts

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2014-01-03T23:13:39Z
    • cstoneba
    • 2013-12-18T18:37:13Z

    DISA STIG 2012?? I don't even see the CIS Checklist for Win2008R2 yet...

    The CIS Checklist for Windows 2008 DC & MS is a combined checklist of 2008 RTM & R2. This is how CIS wrote their content for release versions 1.0.0, 1.1.0, and 1.2.0. This is what we provide in IEM Security and Compliance.

    CIS recently released (Dec '13) v2.1.0 of a CIS Windows 2008 R2 checklist -- they decided to break it into its own checklist now. The content in this new checklist is identical to those checks in the previous "combined" checklist except that they have included 32 additional scorable checks. Currently v2.1.0 is in a prose guide format (manual PDF/Word doc). CIS is currently working on an XML/XCCDF (automatable) version of the CIS Windows 2008 R2 which they plan to release beginning of this year.

  • cstoneba
    4 Posts

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2014-01-06T14:43:11Z
    • Shivani_S
    • 2014-01-03T23:13:39Z

    The CIS Checklist for Windows 2008 DC & MS is a combined checklist of 2008 RTM & R2. This is how CIS wrote their content for release versions 1.0.0, 1.1.0, and 1.2.0. This is what we provide in IEM Security and Compliance.

    CIS recently released (Dec '13) v2.1.0 of a CIS Windows 2008 R2 checklist -- they decided to break it into its own checklist now. The content in this new checklist is identical to those checks in the previous "combined" checklist except that they have included 32 additional scorable checks. Currently v2.1.0 is in a prose guide format (manual PDF/Word doc). CIS is currently working on an XML/XCCDF (automatable) version of the CIS Windows 2008 R2 which they plan to release beginning of this year.

    But why so long of a delay to release the checklists by IBM for the CIS 2012 checklist? Version 1.0.0 was released nearly a year ago (Fri Feb 1 00:44:45 2013).

    http://benchmarks.cisecurity.org/downloads/browse/index.cfm?category=benchmarks.os.windows.2012

  • RichCea
    3 Posts

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2014-01-07T20:23:02Z
    • cstoneba
    • 2014-01-06T14:43:11Z

    But why so long of a delay to release the checklists by IBM for the CIS 2012 checklist? Version 1.0.0 was released nearly a year ago (Fri Feb 1 00:44:45 2013).

    http://benchmarks.cisecurity.org/downloads/browse/index.cfm?category=benchmarks.os.windows.2012

    You are correct that CIS content for Win Server 2012 was first released in February; however, that content was only in prose and was not something we could import. Because of the number of platforms we support we mostly rely on the machine readable content and for 2012 this was released in September. Even with automation, however, manual updates are required and increase our turnaround time. This is something we're very focused on improving. Our dev team made significant tool and automation progress last year with more to come this quarter so you can expect to see our turnaround times improve. In addition, we'll be publishing near term target dates to aid in planning starting later this quarter.

  • StefanoBelluomini
    2 Posts

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2014-09-12T00:21:09Z
    • RichCea
    • 2014-01-07T20:23:02Z

    You are correct that CIS content for Win Server 2012 was first released in February; however, that content was only in prose and was not something we could import. Because of the number of platforms we support we mostly rely on the machine readable content and for 2012 this was released in September. Even with automation, however, manual updates are required and increase our turnaround time. This is something we're very focused on improving. Our dev team made significant tool and automation progress last year with more to come this quarter so you can expect to see our turnaround times improve. In addition, we'll be publishing near term target dates to aid in planning starting later this quarter.

    Annnnndddd it's now September 2014... and we are STILL waiting... 9 months later.

    Still no STIGS for 2012 / 2012R2 for MS or DC.

    I have raised a PMR about this.

    This is unacceptable, support.

  • RichCea
    3 Posts

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2014-09-12T14:18:30Z

    Annnnndddd it's now September 2014... and we are STILL waiting... 9 months later.

    Still no STIGS for 2012 / 2012R2 for MS or DC.

    I have raised a PMR about this.

    This is unacceptable, support.

    Hi Stefano, the DISA Win 2012 content is in the final stages of dev/test and will be available later this month.

  • StefanoBelluomini
    2 Posts

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2014-09-14T23:42:22Z
    • RichCea
    • 2014-09-12T14:18:30Z

    Hi Stefano, the DISA Win 2012 content is in the final stages of dev/test and will be available later this month.

    Hi RichCea,

    Does this include 2012 R2 or simply 2012? Also, this conflicts with the official response that I got from IBM support saying that there is no ETA on this request at all... 

    So here we are, with a product we pay for, currently still thinking that 2008R2 is the latest OS from Microsoft with vulnerabilities...

    This is really disappointing.

  • RichCea
    3 Posts

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2014-09-15T13:50:45Z

    Hi RichCea,

    Does this include 2012 R2 or simply 2012? Also, this conflicts with the official response that I got from IBM support saying that there is no ETA on this request at all... 

    So here we are, with a product we pay for, currently still thinking that 2008R2 is the latest OS from Microsoft with vulnerabilities...

    This is really disappointing.

    Hi Stefano.  The DISA 2012 R2 content will be the first to be released immediately followed by the DISA 2012 MS content (not R2).  Both will be available later this month.  

    We have and are making changes to address the timeliness of our content availability.  I understand your frustration and disappointment.  I hope that with these changes we will regain your confidence.  

  • JMaple
    7 Posts

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2014-10-08T12:33:11Z
    • RichCea
    • 2014-09-15T13:50:45Z

    Hi Stefano.  The DISA 2012 R2 content will be the first to be released immediately followed by the DISA 2012 MS content (not R2).  Both will be available later this month.  

    We have and are making changes to address the timeliness of our content availability.  I understand your frustration and disappointment.  I hope that with these changes we will regain your confidence.  

    Saw an October 2 release date on another page. Any updates?

  • nagaraj.s
    1 Post

    Re: ETA for Release of DISA STIG Checklist for Windows 2012 R2 DC?

    2014-11-20T07:30:28Z
    • Shivani_S
    • 2014-01-03T23:13:39Z

    The CIS Checklist for Windows 2008 DC & MS is a combined checklist of 2008 RTM & R2. This is how CIS wrote their content for release versions 1.0.0, 1.1.0, and 1.2.0. This is what we provide in IEM Security and Compliance.

    CIS recently released (Dec '13) v2.1.0 of a CIS Windows 2008 R2 checklist -- they decided to break it into its own checklist now. The content in this new checklist is identical to those checks in the previous "combined" checklist except that they have included 32 additional scorable checks. Currently v2.1.0 is in a prose guide format (manual PDF/Word doc). CIS is currently working on an XML/XCCDF (automatable) version of the CIS Windows 2008 R2 which they plan to release beginning of this year.

    Hi,

    May I know the checklist condition how to remediate the policy?

    Thanks,

    Nagaraj