Tag Archives: Audit

VMware CP&C releases a FREE vSphere 5.0 hardening guideline compliance checker!

I am hanging out in NYC finishing Cloud Expo East where we delivered a rousing session on Cloud Audit & Control with Coalfire AND CP&C is now VERY pleased to announce the release of our FREE vSphere 5.0 compliance checker! Last week we rolled out the 5.0 hardening guidelines in vCenter Configuration Manager (vCM) making it the first product on the planet to have the 5.0 content for our customers. Today, we are giving you access to a FREE vSphere 5.0 compliance checker! How awesome is that?

It is so easy to download and use that you can run it while watching Euro Cup with the sound of GOOOOOOAAAAAALLLLLLLLL!!!!!!!!!! in the background!

 Here is how the vSphere 5.0 Compliance Checker works: 

  • The Compliance Checker runs an assessment on 5 host systems at a time! (The first five being managed by an instance of vCenter Server)
  • The assessment is based on a predefined subset of the 5.0 Hardening Guidelines content that currently exists in vCenter Configuration Manager (vCM), part of the vCenter Operations Manager Suite (vCOps)
  • The results for each host include the rules, the rule descriptions, and the success or failure of each rule

 Check out the following results report from the vSphere 5 Checker

[Image: ComplianceReport]

All you have to do is authenticate into the vCenter box that you want to assess hosts on.

[Image: VSphereCC]

The VMware Center for Policy & Compliance FREE Checkers are sweeter than bacon and designed to get you hooked & come back for more! 

Here is the link so you can get started hardening your vSphere Environment today. (Remember, we have FREE checkers for vSphere 4.0 & 4.1 AND for PCI 2.0 Windows & Linux)

http://www.vmware.com/go/free-compliance-check-for-vsphere

Next, look for CP&C to release a HIPAA Checker that will be hotter than the Miami HEAT!

Now this poses a few questions and we would love to get your feedback: 

1. Are free tools like this helpful?

2. How do you currently lock down your vSphere environment?

3. Would remediation of the non-compliance results be a good next step?

4. Do you care about regulatory compliance & vendor best practices? If so, which ones? (PCI, HIPAA, DISA, CIS…) 

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum: 

 

Cambio y Fuera!

George Gerchow – Director, VMware Center for Policy & Compliance


 

VMware (CP&C) Releases PCI 2.0 FREE Compliance Checkers!

Hola Amigos y Amigas,

Today we are going to give you access to two (That’s right, DOS!) FREE downloadable tools that help you get started on the journey to achieving PCI 2.0 Compliance.

The PCI 2.0 Compliance Checkers for Windows and LINUX are fresh off the virtual assembly line and compiled by the good folks at VMware’s Center for Policy & Compliance! (CP&C)

 Here is how they work: 

  • The Compliance Checkers run an assessment on 5 Guest systems at a time!
  • The assessment is based on a predefined subset of the PCI 2.0 content that currently exists in vCenter Configuration Manager (vCM), part of the vCenter Operations Manager Suite
  • The results for each guest include the rules, the rule descriptions, and the success or failure of each rule

 Check out the following results report from the LINUX Checker. Pure AWESOMENESS! 

[Image: PCI.Checker.Linux.4.12]

The Compliance Checkers are designed to get you hooked and come back for more! 

Here is the link so you can get started hardening your vSphere and Guest Environment today. (Remember, we have FREE checkers for vSphere 4.0 & 4.1)

https://www.vmware.com/tryvmware/?p=compliance-chk&lp=default&cid=70180000000MJsMAAW

The vSphere 5.0 Checker will soon be on its way like a Tim Tebow Comeback! (Too bad his comebacks will be for the Jets, I love my Broncos but am not happy about the Manning move.) Just sayin…

Now this poses a few questions and we would love to get your feedback: 

1. Are free tools like this helpful?

2. How do you currently lock down your vSphere environment?

3. Would remediation of the non-compliance results be a good next step?

4. Do you care about regulatory compliance & vendor best practices? If so, which ones? (PCI, HIPAA, DISA, CIS…) 

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum: 

 Peace Out!

George Gerchow – Director, VMware Center for Policy & Compliance

 

 

CP&C Releases vCM PCI 2.0 Content, Combine this with vShield & WOW!

The VMware Center for Policy and Compliance is pleased to announce our latest content update for PCI 2.0 in vCenter Configuration Manager™ (VCM).

PCI 2.0 is right around the corner in 2k12, and many of you should be preparing for these audits yesterday!

Are any of you starting to prep for PCI 2.0? Please share your concerns, we want to help! Get CP&C in touch with your QSA.

Here is a sample of what has changed; for more information, check out the PCI DSS v2 Summary of Changes doc.

Scope of Assessment for Compliance with PCI DSS Requirements

  • Added “virtualization components” to the definition of “system components.”  

Network Segmentation

  • Added clarifications including that segmentation may be achieved through physical or logical means 

What’s new in this package? Platform support for:

  • Windows 7
  • Windows Vista
  • Windows XP
  • Windows 2003
  • Windows 2008
  • vSphere/ESX
  • UNIX & LINUX

How does this help you address your compliance needs?

This is at the core of what VMware offers as part of our Trusted Cloud Solution. At VMworld, we announced our PCI self-healing virtual environment around CDE and auto-segmentation of VMs based upon data, defining relationships to those VMs and continually applying policy & remediation to the entire environment. The combination of vCM, vShield & VIN makes for a compliance solution that is unmatched in the market and works for other use cases like HIPAA. (See Diagram Below)

[Image: Self.Healing]
 

How do you get the new content?
Customers wishing to harden their PCI 2.0 environment can download the new content via the VCM Content Wizard.

Be on the lookout for a free PCI 2.0 checker to be released by CP&C later this year!

Also, feel free to hit us up at:

Adios,
George Gerchow VMware Director, Center for Policy & Compliance