SCA Release Notes

This page has not been liked. Updated 9/19/17, 9:55 PM by cglimsonTags:

This page contains the BigFix Compliance (previously known as SCA) release notes.

To view the Compliance guides, see:

BigFix Compliance User Guide: http://ibm.co/2lRmRy2

BigFix Compliance Setup Guide: http://ibm.co/2kAtjY5

BigFix Compliance Payment Card Industry (PCI) Add-on Guide: http://ibm.co/2krUzwS

 

BFC/SCA Versions 

BFC Server (or BFC Analytics, previously SCA) is a BigFix Compliance application and so has own versioning. BigFix Compliance version is the official marketing version of BigFix Compliance, however, it does not denote the version of the BFC Server code. Under each BigFix Compliance version, the BFC development team releases application updates, which are numbered independently. The EOS (End of Support) date of BFC is the same as that of BigFix Compliance.

The following table lists the releases and EOS date of BigFix Compliance (previously Security and Compliance) and BFC Server.

BigFix Compliance versions SCA/BFC versions End of support date Document URL of BigFix Compliance lifecycle
8.2.x 1.4.x 2016-04-30 https://www-01.ibm.com/software/support/lifecycleapp/PLCDetail.wss?q45=G675836Y73654S93
9.0.x 1.4.x 2017-04-30 https://www-01.ibm.com/software/support/lifecycleapp/PLCDetail.wss?q45=J913921P97778K95
9.1.x 1.5.x 2017-09-30 https://www-01.ibm.com/software/support/lifecycleapp/PLCDetail.wss?q45=R423754B52762P86
9.2.x 1.6.x, 1.7.x TBA https://www-01.ibm.com/software/support/lifecycleapp/PLCDetail.wss?q45=I550131Q88162O18
9.5.x 1.8.x, 1.9.x TBA https://www-01.ibm.com/software/support/lifecycleapp/PLCDetail.wss?q45=O550072I77807V07

 

IBM BigFix Compliance version 1.9.91 (Patch 3) - Released on 20 September 2017

This release covers the following fixes, and updates:

New features and updates: 

  • Update of IBM JRE to version 8.0.4.10. No user action is required for this update.
  • Update to WebSphere Liberty Profile 17.0.0.2. No user action is required for this update.
  • Fixes were applied for internal bugs and the following APARS:
    • - IV96397: Field APAR SCA imports failing with high numbers of client settings

      - IV98525: For Grid Report filtering, the “ANY" operator is being processed the same as an “ALL” filter

      - IV98659: Unable to export CSV format report in version 1.9.79

      - IV98940 - Users who are assigned multiple computer groups get an error when viewing the Overview page

Published site: 

SCM Reporting, version 114.

 

Technote:

Duplicate Applicability Fixlets and Check Fixlets might cause import errors in BigFix Compliance (BFC Analytics, previously SCA): http://www.ibm.com/support/docview.wss?uid=swg22008460

 

For first time installations:

1. In the License Dashboard in the IBM BigFix console, enable the SCM Reporting site.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Select the Fixlet named IBM BigFix Compliance 1.9 First-time Install Fixlet under the IBM BigFix Compliance Install/Upgrade menu tree node.

4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.




For upgrade installations:

Refer to the prescribed upgrade steps for the BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, ensure that you perform server and database backup.

A. If you're using BigFix Compliance version 1.7, 1.8, or 1.9, follow these upgrade steps to upgrade to BigFix Compliance version 1.9 Patch 3:

1. Make sure that you performed server and database backup.

2. Make sure that known issues don't meet your environment.

3. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

4. Under the IBM BigFix Compliance Install/Ugrade menu tree item, select the IBM BigFix Compliance 1.9 Upgrade Fixlet which automatically installs and upgrades to the new version.

5. Follow the Fixlet instructions and take the associated action to upgrade your IBM BigFix Compliance deployment.

6. Update the data schema. To do this, log in to the IBM BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data scheme is expected and it will take some time to complete.


NOTE: Automatic upgrade installation only affects installations running under the LocalSystem account. Follow the Fixlet instructions to install the update manually if this fix cannot be applied.



B. If you're using a version earlier then BigFix Compliance 1.5.78, follow these upgrade steps:

1. Manually upgrade to version 1.5.78. The 1.5.78 installer can be found here.

2. Manually upgrade to version 1.8.33. The 1.8.33 installer can be found here.

3. Use the IBM BigFIx Compliance 1.9 Upgrade Fixlet to upgrade to version 1.9. See steps A.




C. If you're using a version earlier than BigFix Compliance 1.8.33, follow these upgrade steps:

1. Manually upgrade to version 1.8.33. The 1.8.33 installer can be found here.

2. Use the IBM BigFix Compliance 1.9 Upgrade Fixlet to upgrade to version 1.9. See steps A.


 

 

 

IBM BigFix Compliance version 1.9.79 (Patch 2) - Released on 24 May 2017

BigFix Compliance Setup Guide PDF | BigFix Compliance User Guide

This release covers the following fixes, and updates:

New features and updates: 

  • REST API enhancements related to overall compliance percentage, overall compliance status, 30-day compliance trend, invoking imports, and schema definition for POLICY Checklist and POLICY Checks
  • Password complexity can now be set for local users
  • Support for Windows Server 2016
  • Update of IBM JRE to version 8.0.4.2. No user action is required for this update.
  • Update to WebSphere Liberty Profile 17.0.0.1. No user action is required for this update.
  • Security enhancements

 Fixes:

Fixes were applied to internal bugs and the following APARS:

  • APAR IV93060: Console operator requirements in the sections for datasource and initial configuration.
  • APAR IV93402: Fixed so that when objects surrounding measured properties analysis are updated, the analysis will no longer be incorrectly marked as “not activated” upon importing Compliance
  • APAR IV94324: Applied fixes so that the settings to the secure attribute for session cookies and the html attribute for the password field are more secure.
  • APAR IV93665, IV94944: Fixed occurrences of SCA import failures

Fixes were applied to the following CVEs:

 For first time installations:

1. In the License Dashboard in the IBM BigFix console, enable the SCM Reporting site.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Select the Fixlet named IBM BigFix Compliance 1.9 First-time Install Fixlet under the IBM BigFix Compliance Install/Upgrade menu tree node.

4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

For upgrade installations:

Refer to the prescribed upgrade steps for the BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, ensure that you perform server and database backup.

A. If you're using BigFix Compliance version 1.7, 1.8, or 1.9, follow these upgrade steps to upgrade to BigFix Compliance version 1.9 Patch 2:

1. Make sure that you performed server and database backup.

2. Make sure that known issues don't meet your environment.

3. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

4. Under the IBM BigFix Compliance Install/Ugrade menu tree item, select the IBM BigFix Compliance 1.9 Upgrade Fixlet which automatically installs and upgrades to the new version.

5. Follow the Fixlet instructions and take the associated action to upgrade your IBM BigFix Compliance deployment.

6. Update the data schema. To do this, log in to the IBM BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data scheme is expected and it will take some time to complete.




NOTE: Automatic upgrade installation only affects installations running under the LocalSystem account. Follow the Fixlet instructions to install the update manually if this fix cannot be applied. 

B. If you're using a version earlier then BigFix Compliance 1.5.78, follow these upgrade steps:

1. Manually upgrade to version 1.5.78. The 1.5.78 installer can be found here.

2. Manually upgrade to version 1.8.33. The 1.8.33 installer can be found
here.

3. Use the IBM BigFIx Compliance 1.9 Upgrade Fixlet to upgrade to version 1.9. See steps A.




C. If you're using a version earlier than BigFix Compliance 1.8.33, follow these upgrade steps:

1. Manually upgrade to version 1.8.33. The 1.8.33 installer can be found
here.

2. Use the IBM BigFix Compliance 1.9 Upgrade Fixlet to upgrade to version 1.9. See steps A.

 

Published site: 

SCM Reporting, version 112.

 

IBM BigFix Compliance version 1.9.70 - Released on 10 February 2017

This release covers the following fixes, and updates:

  • Update of IBM JRE to version 8.0.3.22. No user action is required for this update. 
  • Update of the navigation bar to align with the WebUI look and feel 
  • Fixes and workarounds were provided for the following:   
  • APAR 44481/V92305: Provided a workaround for checkfixlet errors that cause table conflict. 
  • 43766: Resolved the sentinel duplication error that occurs even if duplicates are deleted. 
  • 43797: Resolved the datasource sequence reset issue that results to an increased ETL time after upgrading to version 1.9.
  • 43909: Modified the check properties query to remediate instances when the metadata check properties are not collected correctly on DB2 BFE.
  • 44343: Resolved instances where the ETL fails after the upgrade from 1.8 to 1.9 and an exception gets added to environment.  
  • 44457: Fixed Import failures in multiple datasource enviroments that are caused by checkFixlets from sites that have no subscriptions.

For first time installations:

1. In the License Dashboard in the IBM BigFix console, enable the SCM Reporting site.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Select the Fixlet named IBM BigFix Compliance 1.9 First-time Install Fixlet under the IBM BigFix Compliance Install/Upgrade menu tree node.

4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

 

For upgrade installations:

Refer to the prescribed upgrade steps for the BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, ensure that you perform server and database backup.

 

A. If you're using BigFix Compliance version 1.7, 1.8, or 1.9 follow these upgrade steps to upgrade to BigFix Compliance version 1.9 Patch 1:

1. Make sure that you performed server and database backup.

2. Make sure that known issues don't meet your environment.

3. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

4. Under the IBM BigFix Compliance Install/Ugrade menu tree item, select the IBM BigFix Compliance 1.9 Upgrade Fixlet which automatically installs and upgrades to the new version.

5. Follow the Fixlet instructions and take the associated action to upgrade your IBM BigFix Compliance deployment.

6. Update the data schema. To do this, log in to the IBM BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data scheme is expected and it will take some time to complete.




NOTE: Automatic upgrade installation only affects installations running under the LocalSystem account. Folow the Fixlet instructions to install the update manually if this fix cannot be applied. 

 

B. If you're using a version earlier then BigFix Compliance 1.5.78, follow these upgrade steps:

1. Manually upgrade to version 1.5.78. The 1.5.78 installer can be found here.

2. Manually upgrade to version 1.8.33. The 1.8.33 installer can be found
here.

3. Use the IBM BigFIx Compliance 1.9 Upgrade Fixlet to upgrade to version 1.9. See steps A.




C. If you're using a version earlier than BigFix Compliance 1.8.33, follow these upgrade steps:

1. Manually upgrade to version 1.8.33. The 1.8.33 installer can be found
here.

2. Use the IBM BigFix Compliance 1.9 Upgrade Fixlet to upgrade to version 1.9. See steps A.


 

Published site:

SCM Reporting, version 106.

 

IBM BigFix Compliance version 1.9.60 - Released on 14 December 2016

This release covers the following fixes, and updates:

  • BigFix Compliance Analytics now provides a policy compliance reporting capability that allows for more effective analysis and reporting of different security configuration policies. PCI DSS policies are available for users of the Compliance PCI-Add component.
  • BigFix Compliance Analytics users can receive email notifications for failed imports and when unexpected changes to target reports occur. Unexpected changes include the disparity in expected number of rows and when the number of rows are updated on a saved report.
  • Lines with lengthy content entries are wrapped and displayed correctly on the Grid Report View and on PDF grid reports.
  • BigFix Compliance Analytics and BigFix Inventory can now be deployed on the same server without any session key conflicts
  • The BigFix Compliance Analytics Overview page does not display the Vulnerability Overview if there is no report about vulnerability.
  • Upgrade to Ruby on Rails 4.2. No user action is required for this upgrade.
  • Update of IBM JRE to version 8.0.3.20. No user action is required for this update.
  • Support of upgrades from earlier versions of Compliance

Known issues:

 

Actions to take:

For first time installation:



1. In the License Dashboard in the IBM BigFix console, enable the SCM Reporting site.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Select the Fixlet named IBM BigFix Compliance 1.9 First-time Install Fixlet under the IBM BigFix Compliance Install/Upgrade menu tree node.

4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

 

For upgrade installations:

Refer to the prescribed upgrade steps for the BigFix Compliance version that you are using.

IMPORTANT: Before you start any upgrade process, ensure that you perform server and database backup.

A. If you're using BigFix Compliance version 1.7 or 1.8, follow these upgrade steps to upgrade to BigFix Compliance version 1.9:

1. Make sure that you performed server and database backup.

2. Make sure that known issues don't meet your environment.

3. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

4. Under the IBM BigFix Compliance Install/Ugrade menu tree item, select the IBM BigFix Compliance 1.0 Upgrade Fixlet which automatically installs and upgrades to the new version.

5. Follow the Fixlet instructions and take the associated action to upgrade your IBM BigFix COmpliance deployment.

6. Update the data schema. To do this, log in to the IBM BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data scheme is expected and it will take some time to complete.

NOTE: Automatic upgrade installation only affects installations running under the LocalSystem account. Folow the Fixlet instructions to install the update manually if this fix cannot be applied.

B. If you're using a version earlier then BigFix Compliance 1.5.78, follow these upgrade steps:

1. Manually upgrade to version 1.5.78. The 1.5.78 installer can be found here.

2. Manually upgrade to version 1.8.33. The 1.8.33 installer can be found here.

3. Use the IBM BigFIx Compliance 1.9 Upgrade Fixlet to upgrade to version 1.9. See steps A.

C. If you're using a version earlier than BigFix Compliance 1.8.33, follow these upgrade steps:

1. Manually upgrade to version 1.8.33. The 1.8.33 installer can be found here.

2. Use the IBM BigFix Compliance 1.9 Upgrade Fixlet to upgrade to version 1.9. See steps A.

 

Published site:

SCM Reporting, version 104.

 

BigFix Compliance User Guide: http://www.ibm.com/support/knowledgecenter/SS6MCG_9.5.0/com.ibm.bigfix.compliance.doc/Compliance/SCA_Users_Guide/securityandcomplianceanalyticsuserguide.html

BigFix Compliance Setup Guide: http://www.ibm.com/support/knowledgecenter/SS6MCG_9.5.0/com.ibm.bigfix.compliance.doc/Compliance/SCA_Setup_Guide/securityandcomplianceanalyticssetupguide.html

BigFix Compliance Payment Card Industry (PCI) Add-on Guide: http://www.ibm.com/support/knowledgecenter/SS6MCG_9.5.0/com.ibm.bigfix.compliance.doc/pci.html

 

IBM BigFix Compliance version 1.8.33 (Patch 1)  - Released on 9 June 2016

This patch release covers the following fixes, and updates:

  • Fixed APARs:
    • APAR IV71727 All of the vulnerabilities within the Analytics console differ from the BigFix console.
    • APAR IV83438 Security APAR, Multiple RubyonRails vulnerabilities in IBM BigFix Compliance
    • APAR IV84159 BigFix 9.2.6 Incorrect view of checks in the Groups view in SCA
    • APAR IV84868 New vulnerability to Windows system checks are not available in SCA
    • APAR IV85040 SCA Import failed due to null values
  • Resolved advisories
    • IBM JRE 8.0.3.0
      • Advisory ID: 5254: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 - Includes Oracle Apr 2016 CPU + 3 IBM CVEs
      • Advisory ID: 5154: CODE BLUE [SE-2012-01] Broken security fix in IBM Java
    • InstallAnywhere Hotfix IOJ-1756928
      • Advisory ID: 4782: InstallShield and InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability

 

Published site version:

SCM Reporting site, version 99.

 

Actions to take:

If you are using IBM BigFix Compliance 1.7.55 or earlier versions:

1. Gather the SCM Reporting site, version 99.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Under the IBM BigFix Compliance Install/Upgrade menu tree item, select the IBM BigFix Compliance 1.8 Upgrade Fixlet, which automatically installs and upgrades to the new patch. Follow the Fixlet instructions and take the associated action to upgrade your IBM BigFix Compliance deployment.

4. Update the data schema. To do this, log in to the IBM BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data schema is expected and it will take sometime to complete.

Note: BigFix Compliance version 1.5.78 is the minimum version required to upgrade to BigFix Compliance 1.8.

 

If you have not yet installed IBM BigFix Compliance or SCA, refer to these steps for first time installations.

1. In the License Dashboard in the IBM BigFix console, enable the SCM Reporting site.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Select the Fixlet named IBM BigFix Compliance 1.8 First-time Install Fixlet under the IBM BigFix Compliance Install/Upgrade menu tree node.

4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

 

IBM BigFix Compliance version 1.8.16  - Released on 31 March 2016

This release covers the following features, fixes, and updates: 

  • Support for BigFix Platform 9.5
  • Update to IBM Java 8.0.2.11
  • Update to IBM WebSphere Application Server 8.5.5.9 Liberty Profile
  • Update to Ruby on Rails 3.2.22.2
  • Fixes:
    •  APAR IV80537 - SCA 1.7.38 has poor web console performance, with response times up to 5 minutes
    • APAR IV79706 - Unable to use current active directory usernames when migrating to LDAP authentication and upgrading SCA to version 1.6



Published site version:

SCM Reporting site, version 98.



Actions to take:

If you are using IBM BigFix Compliance 1.7.55 or earlier versions:

1. Gather the SCM Reporting site, version 98.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Under the IBM BigFix Compliance Install/Upgrade menu tree item, select the IBM BigFix Compliance 1.8 Upgrade Fixlet, which automatically installs and upgrades to the new patch. Follow the Fixlet instructions and take the associated action to upgrade your IBM BigFix Compliance deployment.

4. Update the data schema. To do this, log in to the IBM BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data schema is expected and it will take sometime to complete.

Note: BigFix Compliance version 1.5.78 is the minimum version required to upgrade to BigFix Compliance 1.8.



If you have not yet installed IBM BigFix Compliance or SCA, refer to these steps for first time installations.

1. In the License Dashboard in the IBM BigFix console, enable the SCM Reporting site.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Select the Fixlet named IBM BigFix Compliance 1.8 First-time Install Fixlet under the IBM BigFix Compliance Install/Upgrade menu tree node.

4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

 

IBM BigFix Compliance version 1.7.55 (Patch 1) - Released on 19 November 2015

This patch release covers an APAR fix and addresses security vulnerability to CVE-2015-2017.

  • Fixed APAR IV75080 - Application files are viewable in the browser via "WEB-INF./"
  • Addressed susceptibility to the following security vulnerability: CVE-2015-2017 - HTTP response splitting attack in WebSphere Application Server

Published site version:

SCM Reporting site, version 97.

 

Actions to take:

If you are using IBM BigFix Compliance 1.7.38 or earlier:

1. Gather the SCM Reporting site, version 97.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Under the IBM BigFix Compliance Install/Upgrade menu tree item, select the IBM BigFix Compliance 1.7 Upgrade Fixlet, which automatically installs and upgrades to the new patch. Follow the Fixlet instructions and take the associated action to upgrade your IBM BigFix Compliance deployment.

4. Update the data schema. To do this, log in to the IBM BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data schema is expected and it will take sometime to complete.

Note: BigFix Compliance version 1.5.78 is the minimum version required to upgrade to BigFix Compliance 1.7.

 

If you have not yet installed IBM BigFix Compliance or SCA, refer to these steps for first time installations.

1. In the License Dashboard in the IBM BigFix console, enable the SCM Reporting site.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

3. Select the Fixlet named IBM BigFix Compliance 1.7 First-time Install Fixlet under the IBM BigFix Compliance Install/Upgrade menu tree node.

4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

 

IBM BigFix Compliance 1.7.30 - Released on 2 October 2015

Additional References: User Guide | Setup Guide

The release note of IBM BigFix Compliance version 1.7.30, formerly called IBM Endpoint Manager for Security and Compliance Analytics (SCA).

This release covers the following features, fixes, and updates: 

  • Single Sign-On user authentication using SAML 2.0
  • Single Sign-On user authentication using LTPA Token
  • Added REST API Token revocation
  • Update to IBM Java 8.0.1.10
  • Update to IBM WebSphere Application Server 8.5.5.7 Liberty Profile
  • Fixes and enhancements:
    • IV77343 - LDAP user can't login SCA
    • IV77429: The context is around click jacking

Published site version:

SCM Reporting site, version 91.

Actions to take:

If you are using IBM BigFix Compliance 1.6.139 or earlier versions:

  1. Gather the SCM Reporting site, version 91.
  2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  3. Under the IBM BigFix Compliance Install/Upgrade menu tree item, select the IBM BigFix Compliance 1.7 Upgrade Fixlet, which automatically installs and upgrades to the new patch. Follow the Fixlet instructions and take the associated action to upgrade your IBM BigFix Compliance deployment.
  4. Update the data schema. To do this, log in to the IBM BigFix Compliance web interface from the host server and proceed with configuration. Upgrading the data schema is expected and it will take sometime to complete.

Note: BigFix Compliance version 1.5.78 is the minimum version required to upgrade to BigFix Compliance 1.7.30.

If you have not yet installed IBM BigFix Compliance or SCA, refer to these steps for first time installations.

  1. In the License Dashboard in the IBM BigFix console, enable the SCM Reporting site.
  2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.
  3. Select the Fixlet named IBM BigFix Compliance 1.7 First-time Install Fixlet under the IBM BigFix Compliance Install/Upgrade menu tree node.
  4. Follow the Fixlet instructions and take the associated action to install your BigFix Compliance deployment.

 

SCA 1.6.139 - Released on 22 July 2015

Additional References: Setup Guide | User Guide

This patch release covers the following fixes and updates:

  • Fixed the following:
    • Bug 67793: The dropdown to edit user groups now has a scrollbar if the list is too long and goes beyond the screen limit.
    • Bug 56776: OpenLDAP settings now use posixAccount and posixGroup as the default name/values for the user and group filters.
    • Bug 67012: Sibling computer groups with the same name are not allowed.
    • Bug 43621 Checks with multiple parameters that are without default values should all show <none> in the DSS desired value column.
    • Bug 59404 Boolean int, string values for metadata attribute 'hidden' are now allowed.
    • RTC 28715: Users are now prevented from extracting datasource passwords via JSON.
  • Moved to Rails 3.2.22.
  • Reverted to using single monolithic transaction for ETL.
  • Updated to IBM Java 7.1.3.1.

Action to take:

If you are using SCA 1.6.133:

  1. Gather the SCM Reporting site, version 88.
  2. Under the SCA Install/Upgrade menu tree item, select the TEM SCA 1.6 Upgrade Fixlet, which automatically installs and upgrades to the new patch. Follow the Fixlet instructions and take the associated action to upgrade your SCA deployment.
  3. Update the data schema. To do this, log in to the TEMA web interface from the host server and proceed with configuration. Upgrading the data schema is expected and it will take sometime to complete.

If you have not yet installed SCA 1.6.133, refer to the Installation Instructions section for first time installations.

 

Published site version:

SCM Reporting site, version 88.

Installation Instructions:

To download IBM Endpoint Manager Analytics, perform the following steps:

1. In the IBM Endpoint Manager console, add the SCM Reporting masthead.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.

For first time installations:

1. Select the TEM SCA 1.6 First-time Install Fixlet under the SCA Install/Upgrade menu tree.

2. Take the associated action and follow the installation steps in the description of the Fixlet.

To upgrade existing installations:

You must update the data schema if you are upgrading your version of Security and Compliance Analytics. From the server hosting Security and Compliance Analytics, access the web interface and click Upgrade Schema.



Note: Version 1.4 is the minimum version that is required to upgrade to Security and Compliance Analytics 1.6.

1.    Select the TEM SCA 1.6 Upgrade Fixlet under the SCA Install/Upgrade menu tree item.

2.    Follow the Fixlet instructions and take the associated action to upgrade your TEM SCA deployment.



Note: If you are upgrading from SCA 1.6.133, no additional installation and configuration steps are required. Otherwise, log in to the TEMA web interface from the host server and proceed with configuration. Upgrading the data schema is expected and it will take sometime to complete.

 

SCA 1.6.133 - Released on 18 May 2015

Additional References: Setup Guide | User Guide

This release covers the following enhancements and fixes:

  • Enhanced flexibility of computer groups associations. Using this feature, you can now make changes and assign users to complex computer groups without affecting the integrity of the compliance data that are reported.
  • Migration from Jetty to IBM Websphere
  • Support for Transport Layer Security (TLS) 1.2 for HTTPS connections that are configured for TLS 1.2
  • Updated Security and Compliance Analytics installer
  • Expanded support for Windows 2012 R2 and Microsoft SQL 2014
  • End of support for versions of IBM Endpoint Manager earlier than 9.0
  • Support of operating systems with 64-bit versions only
  • Performance improvements when importing
  • Updated interface
  • Provided fixes and addressed the following:
  • 66946: (SCA) The PDF export failed and has an SSLHandshakeErrorTracker error
  • 62840: (TEMA) Unable to login AD with following style [DOMAIN]\[USER]
  • 66817: (TEMA) The User Provisioning search returns an error with Secure Global Catalog Services
  • 64844: (TEMA)  Missing translation keys for TEMA SCA 1.5 features
  • 56424: (TEMA) Delete and add datasource should trigger a pending Import icon
  • 66892: (SCA) Unable to accept RSA private key with password (HTTPS configuration)
  • 67503: (TEMA) Import schedule does not acceptt 'PM' in Japanese or Korean locale
  • 58523: (TEMA) Mail Settings: The Save button shows 'Saving...' when sending test email
  • 66548: (SCA) SCM reporting wizard fails and has errors when synchronizing (PMR 7800442000, APAR IV71450)
  • 66004: (SCA) The filter on SCA 'Check Result' doesn't work if enabled in 'State column in 'Configure View'  (PMR 53999999760, APAR IV69022
  • 63425: (SCA) SCA Import failing with Java::JavaLang::OutofMemoryError: Java heap space error (PMR 54880, 442,000; 06877,67C,760)
  • 61417: (SCA) Initial ETLfailed at SCM::Sentinel with SQL error in insert duplication key error (PMR 72384,442,000; 82539,442,000; 76771,499,000; 05086,100,838; 28453,070,724)
  • 66165: (SCA) Security and Compliance Analytics dashboard does not support Win server 2012 R2 (PMR 78306,499,000; 79361,420,631; 49633,004,000; 91067,661,706, APAR IV69341)
  • 65339, 66166, 66622: (SCA) Flexera software installer is not compatible with Win 2012 R2 (PMR 78309499000)
  • 62517: (SCA) Error: 500 5.5.1 Command unrecognized: ">" when attempting to send SCA report via email. (PMR[C]85540,057,649)

Installation Instructions:

To download IBM Endpoint Manager Analytics, perform the following steps:

1. In the IBM Endpoint Manager console, add the SCM Reporting masthead.

2. In the Security Configuration domain in the console, open the Configuration Management navigation tree.



For first time installations:

1. Select the TEM SCA 1.6 First-time Install Fixlet under the SCA Install/Upgrade menu tree.

2. Take the associated action and follow the installation steps in the description of the Fixlet.



To upgrade existing installations:

You must update the data schema if you are upgrading your version of Security and Compliance Analytics. From the server hosting Security and Compliance Analytics, access the web interface and click Upgrade Schema.

Note: Version 1.4 is the minimum version required to upgrade to Security and Compliance Analytics 1.6.

1.    Select the TEM SCA 1.6 Upgrade Fixlet under the SCA Install/Upgrade menu tree item.

2.    Follow the Fixlet instructions and take the associated action to upgrade your IEM SCA deployment.

 

SCA 1.5.92 - Released 9 April 2015

Additional References: Setup Guide | User Guide

This patch release provides fixes that address the following vulnerabilities:

This patch also provides fixes for 66004: The filters on Check Result are no longer ignored when the state column is selected and the top level criteria is set to 'ANY’.

Limitations:

Following the application of this patch, you must reset jetty.xml if you upgraded SCA from HTTPS protocol. This resolves an issue in generating PDFs introduced by the disabling of SSLv3.

To reset jetty.xml, perform the following steps upon completion of the patch upgrade:

1. Log in to the SCA web console.

2. Go to Management > Server Settings.

3. Click Save to ensure that jetty.xml gets updated.

4. Click Restart Service to apply the change.

Note:

If jetty.xml is reset before the upgrade, the changes made on jetty.xml will not apply any fixes.

Published site

SCM Reporting site, version 81.

(Site versions included for air-gap customers)

Download and Installation instructions:

To download IBM Endpoint Manager Analytics, perform the following steps:

1.    In the IBM Endpoint Manager console, add the SCM Reporting masthead.

2.    In the Security Configuration domain in the console, open the Configuration Management navigation tree.

For first time installations:

3.    Click the Security and Compliance Analytics dashboard.

4.   From the list of supported endpoints, select the target server and click Deploy Installer. An action opens that downloads the SCA software into a Tivoli Endpoint Manager Analytics folder inside the client folder on that server. For example, c:\Program Files\BigFix Enterprise\BES Installers\TEMA).

Note: If you are using the x86 version of a Windows operating system, the path to the install location will be c:\Program Files (x86)\BigFix Enterprise\BES Installers\TEMA.

For upgrading an existing installation:

3.   Under the Upgrade menu tree node, select the Fixlet named TEM SCA Upgrade (<latest available version of SCA>).

4.   Follow the Fixlet instructions and take the associated action to upgrade your TEM SCA deployment.

 

SCA 1.5.78 - Released 8 October 2014

Additional References: Setup Guide | User Guide

This release covers the following fixes and vulnerability updates:

  • Feature to configure report definitions across TEMA instances through REST API
  • Enhancements to report viewing:
    • Automatic exclusion of non-relevant template checklists from a user's SCA reports
    • Exclusion of Action sites as a checklist
    • Exclusion of checklist that have no SCM content
    • Inclusion of only the checklists that are subscribed to a user's viewable computers in the reports
    • Setup up default views for report resources
    • Set up a default home page
  • Credentials obfuscation for database users
  • Exclusion of Action sites as a checklist (Fix for Bug# 59667)
  • Support for LDAP Active Directory global catalog
  • Support for the following:
  • Microsoft SQL versions 2012
  • Microsoft SQL versions 2014
  • Windows SQL Server 2012
  • Provided fixes and addressed the following:
    • 53648:  SCA Reporting does not report the UNIX Vulnerability History (PMR 59603,499,000)
    • 57316:  Import of SCM in TEMA 1.3.33 fails because of OOM (PMR 10560,999,744, 05996,019,866)
    • 59667:  A site without an SCM check is shown in TEMA SCA (39094,842,758)
    • 60868:  Ability to select which checks to import. In TEMA SCA 1.5, no checklist is shown in the TEMA Analytics UI if there is 0 computer subscribed to the site (91187,019,866).
    • 61631:  Upgrading to SCA 1.4 fails with a 'duplicate key' error. The site name contains special characters that TEMA SCA treated as the same character ([C]09006,379,000).
    • 62328:   Error when trying to delete old data source out of TEMA SCA datasources view (27703,442,000).
    • 62489: Error indicating that there's not enough memory error when the user attempts to add DB2 database as a datasource in TEMA SCA configuration. SCA 1.5 fixed the memory limitation error. (53320,442,000, [C]05875,49R,000).
    • 62875, 64870: When exporting SCA to .CSV file, the line feed as a field separator is not recogized. (47136,694,760).
    • 63285: Error when attempting to connect TEMA SCA to datasource (81167,122,000).
    • 63962: ETL Failed over DB2 TEM DB 9.1.x (03058,442,000)
    • 30316: Computers that are marked as deleted with BESComputerRemover still appear in TEMA
    • 46477: Slow Report Page load performance over a large check result set
    • 55527: TEMA does not handle IEM that being used by SCA and SUA with different BES schema extension requirements
    • 57769: DB2: ETL fails against DB2 with Windows external site in a localized deployment
    • 61372: TEMA fails to initialize after install due to an error caused by JRuby upgrade.
    • 61415: The About menu does not work.
    • 61669: SCA fresh installation fails with exception on production due to an error caused by Jruby upgrade.
    • 61730: Scheduled report emails fail to send after upgrade to 1.4.35.
    • 62387: Computer Property Values fail to populate if computers are updated mid-ETL
    • 62391: Datasource sequence is calculated at ETL start
    • 62725: Hard deleted computer fix should only target the most recent computer SCD rows
    • 63059: The TEMA installer does not open the HTTPS URL when upgraded
    • 63181: SCA 1.5 service name & description needs update in the installer.
    • 63291: SCA does not accept RSA keys (HTTPS configuration).
    • 63369: Check on saved report returns the following error: undefined method `locale=' for #<ReportSubscription @values={}>.
    • 63493: The TEMA SCA upgrade failed when DB auth for IEM/TEMA has the correct SQL Auth with sysadmin but not the DBOwner.
    • 63495: TEMA SCA UI doesn't display well on IE after the upgrade
    • 63522: SCA 1.4.46: An error returns when Check or Check result reports is selected.
    • 63565: Wrong ssl port (LDAP) for active directory
    • 63627: TEMA is prompted to reconfigure database connection but fails to reconnect after a new database is provided
    • 63634: TEMA fresh install fails and has a page error when the Operator provides an incorrect database credential
    • 63744: Failed TEMA service restart after port changes were made
    • 63871: The scheduled report with PDF is not sent
    • 64059: Memory leak over continuous ETL (with JRuby)

 

SCA 1.4.46 - Released February 27, 2014

This patch release covers the following fixes and vulnerability updates:

  • Fixed the following upgrade issues:
    • 60536 : User provisioning returns an exception error that indicates that the time limit has been exceeded
    • 61631 : Upgrade to SCA 1.4 fails with 'duplicate key' error
    • 60662 : Upgrade to TEMA SCA 1.4.35 brought the following error: HTTP ERROR: 503 SERVICE_UNAVAILABLE
    • 61730 : Upgrade to TEMA SCA 1.4.35 made scheduled report emails fail
  • Addressed  TEMA susceptibility to various Java vulnerabilities (CVE-2013-4491, 61368 and 61363). For detailed vulnerability updates, see    http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013

 

SCA 1.4.35 - Released November 21, 2013

This patch release covers the following enhancements and fixes:

  • Added a feature to allow multiple scheduled imports on a daily interval.
  • Added a feature in the check report page to show the check description value.
  • Fixed the issue where the measured value column in the CVS export file shows blank data when opened in Excel. The issue was caused by the data wrap in the second line. (PMR: [C]82040,122,000)
  • Fixed the issue where the SCA fails to export PDF files when the user is viewing multiple records (PMR: [C]11852,999,744)
  • Fixed the upgrade issue that occurs during a database schema update when an NT service user name is not being validated due to a case mismatch. SCA attempts to match the DB owner user name with that of the SCA user name accessing the database. (PMR: [C]65387,L6Q,000; [C]55310,499,000)
  • Fixed the following LDAP issues:
    • 60536: User provisioning returns an exception error that indicates that the time limit has been exceeded
    • 60507: User provisioning takes long time and returns an exception error that indicates that the size limit has been exceeded
    • 60505: LDAP test connection takes a long time over large TDS LDAP repositories and test results indicate that the size limit has been exceeded
    • 59825: LDAP authentication does not work for Tivoli Directory Server (TDS)

 

SCA 1.4.29 - Released October 11, 2013

This maintenance patch release supports the upgrade path from TEMA SCA 1.3.33 to 1.4.29. Users who already have TEMA 1.4.28 do not require upgrades.

 

SCA Patch 1.4.28 - Released October 2, 2013

  • Fixed the issue of SCA not exporting the data correctly to CSV. The CVS export generation time was optimized. (PMR: [C]20178,442,000)
  • Fixed the TEMA SCA 1.4 issue of failed upgrades during the update of the database schema. The fix resolved the upgrade error for the historically deleted Vulnerability checklist. (PMR: 65387,L6Q,000; 55310,499,000)

Actions to take 

To download IBM Endpoint Manager Analytics, perform the following steps:

1.    In the IBM Endpoint Manager console, add the SCM Reporting masthead.

2.    In the Security Configuration domain in the console, open the Configuration Management navigation tree.

For first time installations:

3.    Click the Security and Compliance Analytics dashboard.

4.   From the list of supported endpoints, select the target server and click Deploy Installer. An action opens that downloads the SCA software into a Tivoli Endpoint Manager Analytics folder inside the Tivoli Endpoint Manager client folder on that server. For example, c:\Program Files\BigFix Enterprise\BES Installers\TEMA).

Note: If you are using the x86 version of a Windows operating system, the path to the install location will be c:\Program Files (x86)\BigFix Enterprise\BES Installers\TEMA.

For upgrading an existing installations:

3.   Under the Upgrade menu tree node, select the Fixlet named TEM SCA Upgrade (<version>), where <version> is the latest available version of SCA and is listed above.

4.   Follow the Fixlet instructions and take the associated action to upgrade your TEM SCA deployment.