VMware Security & Compliance Blog


VMware releases STIG Compliance App for FREE

Hello Everyone,

I am pleased to announce the availability of VMware STIG Compliance App. Using this app, you can assess, remediate and harden remote *NIX machines in line with STIG (Security Technical Implementation Guide) or any other security configuration benchmark. The app is available as a container image.

The app requires the configuration benchmark to be in SCAP 1.2 format and can perform XCCDF or OVAL assessments. It uses OpenSCAP as the assessment engine and Ansible as the action engine for remediation and hardening.

Let us take a security configuration example.

Requirement – The SSH daemon must set a timeout interval on idle sessions to 15 minutes.

Assessment/Remediation Needed – In the /etc/ssh/sshd_config file, ensure that the ClientAliveInterval parameter is set to 900 seconds.

A typical assessment and remediation snippet would look like below:

OVAL Assessment:

[Image: OVAL Assessment Stub]
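Since the stub image did not survive, here is an OVAL definition that implements the check above with a textfilecontent54 test. This is an added example written for this post, not content shipped with the app. The ids under oval:com.example.stig, the product name and the timestamp in the generator are placeholders. The object asks for instance 1, the first uncommented ClientAliveInterval line, because sshd itself honours the first occurrence of a keyword; the captured number is then compared against 900.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- oval.xml: example OVAL 5.10 content for the sshd idle-timeout rule (placeholder ids) -->
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <generator>
    <oval:product_name>example-stig-content</oval:product_name>  <!-- placeholder -->
    <oval:schema_version>5.10</oval:schema_version>               <!-- OVAL version used by SCAP 1.2 -->
    <oval:timestamp>2016-12-01T00:00:00</oval:timestamp>          <!-- arbitrary -->
  </generator>

  <definitions>
    <definition id="oval:com.example.stig:def:1" version="1" class="compliance">
      <metadata>
        <title>The SSH daemon must set a timeout interval on idle sessions to 15 minutes</title>
        <description>ClientAliveInterval in /etc/ssh/sshd_config must be set to 900.</description>
      </metadata>
      <criteria>
        <criterion test_ref="oval:com.example.stig:tst:1" comment="ClientAliveInterval is 900"/>
      </criteria>
    </definition>
  </definitions>

  <tests>
    <!-- check="all": every collected item must match the state;
         at_least_one_exists: a file with no ClientAliveInterval line fails the test -->
    <ind:textfilecontent54_test id="oval:com.example.stig:tst:1" version="1"
        check="all" check_existence="at_least_one_exists"
        comment="ClientAliveInterval in sshd_config is 900">
      <ind:object object_ref="oval:com.example.stig:obj:1"/>
      <ind:state state_ref="oval:com.example.stig:ste:1"/>
    </ind:textfilecontent54_test>
  </tests>

  <objects>
    <ind:textfilecontent54_object id="oval:com.example.stig:obj:1" version="1">
      <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
      <!-- Keyword match is case-insensitive, as in sshd; leading '#' is rejected by ^[ \t]*,
           so commented-out lines do not count. The value is captured as subexpression 1. -->
      <ind:pattern operation="pattern match">^[ \t]*(?i)ClientAliveInterval(?-i)[ \t]+(\d+)</ind:pattern>
      <!-- instance 1 = first match, which is the occurrence sshd actually uses -->
      <ind:instance datatype="int">1</ind:instance>
    </ind:textfilecontent54_object>
  </objects>

  <states>
    <ind:textfilecontent54_state id="oval:com.example.stig:ste:1" version="1">
      <ind:subexpression datatype="int" operation="equals">900</ind:subexpression>
    </ind:textfilecontent54_state>
  </states>
</oval_definitions>
```

Outside the app you can evaluate this file directly with OpenSCAP (`oscap oval eval --results oval-results.xml oval.xml`). Treat it as a file check, not as proof of the running configuration: the authoritative value is what `sshd -T` (run as root) prints for clientaliveinterval, which also accounts for settings that live inside Match blocks.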

Remediation encapsulated in XCCDF fix element:

[Image: Remediation Stub]
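Here is an XCCDF 1.2 rule that wraps an OVAL check for this requirement and carries the remediation in a fix element. This is an added example written for this post, not the app's own content. It assumes an OVAL file named oval.xml beside it containing a definition with the placeholder id oval:com.example.stig:def:1, that the app accepts fix scripts with the urn:xccdf:fix:script:sh system identifier (the post does not say which fix system the Ansible action engine consumes), and that the target runs GNU sed, as Linux hosts do.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- benchmark-xccdf.xml: example XCCDF 1.2 rule with an embedded sh fix (placeholder ids) -->
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2"
           id="xccdf_com.example.stig_benchmark_sshd">
  <status>draft</status>
  <title>SSH daemon hardening (example benchmark)</title>
  <version>1</version>

  <Rule id="xccdf_com.example.stig_rule_sshd_idle_timeout" severity="medium" selected="true">
    <title>The SSH daemon must set a timeout interval on idle sessions to 15 minutes</title>
    <description>In /etc/ssh/sshd_config, set ClientAliveInterval to 900 seconds.</description>
    <fixtext>Set ClientAliveInterval to 900 in /etc/ssh/sshd_config and reload sshd.</fixtext>

    <!-- The fix is a plain POSIX shell script; the app's action engine is Ansible,
         so the system identifier it expects is an assumption here. -->
    <fix system="urn:xccdf:fix:script:sh" reboot="false">
#!/bin/sh
# Example fix script (assumes GNU sed: -i, -E and the I flag are GNU extensions).
f=/etc/ssh/sshd_config
if grep -Eiq '^[[:space:]]*ClientAliveInterval[[:space:]]' "$f"; then
    # sshd honours the FIRST occurrence of a keyword, so rewrite every
    # uncommented ClientAliveInterval line instead of appending a new one
    # that an earlier line would silently shadow.
    sed -i -E 's/^[[:space:]]*ClientAliveInterval[[:space:]].*/ClientAliveInterval 900/I' "$f"
else
    # No setting present: insert at line 1, not at the end of the file, so the
    # directive cannot land inside a trailing Match block and apply only there.
    sed -i '1i ClientAliveInterval 900' "$f"
fi
# Reload sshd afterwards; the service name and init system vary across *NIX, so
# that step is left to the benchmark author.
    </fix>

    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
      <check-content-ref href="oval.xml" name="oval:com.example.stig:def:1"/>
    </check>
  </Rule>
</Benchmark>
```

With OpenSCAP alone this is `oscap xccdf eval --remediate --results results.xml benchmark-xccdf.xml`. Two caveats are worth carrying into your own content. First, ClientAliveInterval does not terminate a session by itself: sshd drops the connection only after ClientAliveCountMax alive messages go unanswered, so the effective timeout is the interval multiplied by the count, which is why benchmarks pair this rule with one for ClientAliveCountMax. Second, if you express the fix as an Ansible task, remember that lineinfile with a regexp replaces the last matching line by default, the opposite of sshd's first-occurrence rule, so a stray earlier setting would survive the remediation while the check still reports a pass.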

That’s it. Put together your OVAL assessments and remediation stubs and leave the rest to the app. So, grab the app and get started using the cool demonstration videos!

I am looking forward to hearing from you.

Thanks and regards,
Pravin Goyal
CISSP | CUA | TOGAF | CCSK | CWSP
RHCE | HP-UX CSA | VCP4-DCV | MBA | GISP | CloudU | CompTIA CE | ITIL-F | ITSM-F | CWNA | Mobility+ | VSP 2015


About Pravin Goyal

Pravin Goyal is an information security and regulatory compliance expert in CMBU. He delivers and leads various security projects, such as security and compliance policies for PCI DSS 3.1, HIPAA, IRS, DISA and CIS, the vSphere hardening guides and the NSX hardening guides. He loves to keep abreast of the latest developments in the field and to find compelling ideas that bring additional business and profitability to VMware. He also believes in collaborating across BUs and companies to deliver customer-facing solutions. Of late, he has authored the CIS Docker 1.6 and CIS Docker 1.11.0 Security Configuration Benchmarks and the NSX-v 6.1 hardening guide, and he is a co-author of the vSphere hardening guide. He leads the STIG compliance project in CMBU. https://www.linkedin.com/in/pravin-goyal-b7299b33

One thought on “VMware releases STIG Compliance App for FREE”

  1. Les Kimmel

    I don’t see the requirement anywhere but given that this is using Ansible I assume this requires Python on the remote machine, no?
