The VMware Center for Policy & Compliance (CP&C) team is pleased to announce the release of a compliance toolkit for blocking the ‘Get Windows 10’ application on all applicable machines.
Microsoft is set to release Windows 10 on July 29th, and will also be available as a free upgrade for applicable systems via the ‘Get Windows 10’ application. In the Enterprise environment, it is important to maintain control over your devices, and the ‘Get Windows 10’ application can cause quite a stir in the corporate environment. There is however relief for those Administrators who wish to smite the application from their environment to ensure that there are no unplanned upgrades.
The “Blocker for ‘Get Windows 10’ application” compliance template in VMware vRealize Configuration Manager (VCM) provides an option to quickly check and enforce remediation to prevent any unplanned upgrade of Windows. The enforcement checks and creates an registry key if needed, and then an registry value to disable the GWX application, which provides an option to upgrade the existing version of Windows.
VMware vRealize Configuration Manager is not limited to compliance. This solution supports configuration and compliance assessment of your Docker containers, *NIX, Windows and Virtual environments along with patching, change management and various other asset management and reporting capabilities. It also support other regulatory and industry accepted security benchmarks and guidelines such as HIPAA, PCIDSS, DISA, CIS, IRS, SOX, etc. If you have any questions about this solution, please post them here.
Thanks and Regards,
CISSP | CCSK | ITIL | MCSE | Security+
The VMware Center for Policy & Compliance (CP&C) team is pleased to announce the release of PCI DSS 3.1 compliance toolkits for VMware vSphere 6.0 and other platforms – Windows, *NIX, and VMware vSphere 5.5, 5.1 and 5.0 in VMware vCenter Configuration Manager (VCM). The toolkits consists of automated compliance rules to assess your environment against PCI DSS 3.1 requirements.
PCI Security Standards Council (PCI SSC) council quickly updated the standards from 3.0 to 3.1 in wake of SSL vulnerability on 15 Apr 2015. As per the announcement by the PCI council, the revision includes minor updates and clarifications, and addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk. PCI DSS Version 3.1 is effective immediately following the publication, 15 Apr 2015. PCI DSS Version 3.0 will be retired on 30 June 2015.
The VMware Center for Policy & Compliance (CP&C) team is pleased to announce the release of VMware vSphere 6.0 Hardening Guide Compliance toolkit in VMware vCenter Configuration Manager (VCM). The toolkit consists of automated compliance rules to assess your VMware vSphere 6 based virtualized environments against the hardening guide. It covers 100% of the hardening guide recommendations.
The hardening guide has three risk profiles that group the recommendations based on the sensitivity of your environment. You can pick the compliance toolkits for respective risk profile or get all the rules at once and then make modifications to suit your sensitivity category.
Today VMware has released the following new security advisory:
VMware Workstation, Fusion and Horizon View Client updates address critical security issues – CVE-2012-0897, CVE-2015-2336, CVE-2015-2337, CVE-2015-2338, CVE-2015-2339, CVE-2015-2340, CVE-2015-2341.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.
Sr. Program Manager – VMware Security Response Center