

VMware releases CJIS compliance toolkit in VCM for Windows based environments

VMware is pleased to announce the availability of an automated compliance assessment toolkit for the Criminal Justice Information Services (CJIS) Security Policy in VMware vRealize Configuration Manager (VCM). The toolkit aligns with CJIS Security Policy version 5.3 and maps to 92 checks on various MS-Windows flavors. Using the toolkit on VCM, law enforcement agencies, including state, local, federal, and international partners, can quickly assess Windows configuration and compare it with CJIS Security Policy requirements. Additionally, you can remediate the infringements with a few clicks. Get the product sheet!

The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI. This Policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information.

The compliance toolkit addresses the following CJIS Security Policy areas:

Policy Area 4 Auditing and Accountability
5.4.1 Auditable Events and Content (Information Systems)
5.4.1.1 Events
5.4.4 Time Stamps
5.4.5 Protection of Audit Information
Policy Area 5 Access Control
5.5.1 Account Management
5.5.2 Access Enforcement
5.5.2.1 Least Privilege
5.5.2.2 System Access Control
5.5.2.3 Access Control Criteria
5.5.3 Unsuccessful Login Attempts
5.5.4 System Use Notification
5.5.5 Session Lock
5.5.6 Remote Access
Policy Area 6 Identification and Authentication
5.6.1 Identification Policy and Procedures
5.6.2.1.1 Password
Policy Area 7 Configuration Management
5.7.1.1 Least Functionality
Policy Area 10 Systems and Communications Protection and Information Integrity
5.10.1.1 Boundary Protection
5.10.1.2 Encryption
5.10.1.3 Intrusion Detection Tools and Techniques
5.10.4.3 Spam and Spyware Protection

These policy areas are mapped to various Windows configuration checks. The automated toolkit makes it easy to run the assessments against a large set of systems and get a comprehensive status.

You can quickly navigate to the detailed results panel, where you can sort and group the results the way you like and take the necessary actions on them: remediate, add an exception, create a report, and various others.


VMware vRealize Configuration Manager is not limited to just CJIS compliance. This solution supports configuration and compliance assessment of your Docker containers, *NIX, Windows and virtualized environments, along with patching, change management and various other asset management and reporting capabilities. It also supports other regulatory and industry-accepted security benchmarks and guidelines such as HIPAA, DISA, PCI DSS 3.1, CIS, IRS, SOX, etc. If you have any questions about this solution, please post them in the VCM community.

Thanks and regards,
Pravin Goyal, CISSP | CUA | TOGAF | CCSK | CWSP
RHCE | HP-UX CSA | VCP4-DCV | MBA | GISP | CloudU | CompTIA CE | ITIL-F | ITSM-F | CWNA | Mobility+ | VSP 2015


About Pravin Goyal

Pravin Goyal is an information security and regulatory compliance expert in CMBU. He delivers and also leads various security projects such as security and compliance policies for PCI DSS 3.1, HIPAA, IRS, DISA, CIS, vSphere hardening guides and NSX hardening guides. He loves to keep abreast of the latest developments in the field and find compelling ideas to bring some additional business and profitability to VMware. Additionally, he believes in collaborating across BUs and companies to deliver customer-facing solutions. Of late, he has authored the CIS Docker 1.6 and CIS Docker 1.11.0 Security Configuration Benchmarks and the NSX-v 6.1 hardening guide, and is a co-author of the vSphere hardening guide. He is leading the STIG compliance project from CMBU. https://www.linkedin.com/in/pravin-goyal-b7299b33