Tag Archives: Compliance

VMware releases OVAL content editor open source project

Hello Everyone,

Today, VMware releases an open source OVAL content editor project that is compliant with the SCAP 1.3 draft spec. A couple of months back, VMware released an SCAP compliance assessment and remediation app for FREE. The security and compliance community loved it and came back to us asking for an easier and simpler way to write OVAL assessment rules and generate XCCDF from them instead of handcrafting the XML. We listened and responded!

VMware releases STIG Compliance App for FREE

Hello Everyone,

I am pleased to announce the availability of the VMware STIG Compliance App. Using this app, you can assess, remediate and harden remote *NIX machines in line with a STIG (Security Technical Implementation Guide) or any other security configuration benchmark. The app is available as a container image.

The app supports, and requires, configuration benchmarks in SCAP 1.2 format and is capable of performing XCCDF or OVAL assessments. The app uses OpenSCAP as the assessment engine and Ansible as the action engine for performing remediation and hardening.

VMware releases CJIS compliance toolkit in VCM for Windows based environments

VMware is pleased to announce the availability of an automated compliance assessment toolkit for the Criminal Justice Information Services (CJIS) Security Policy in VMware vRealize Configuration Manager (VCM). The toolkit aligns with CJIS Security Policy version 5.3 and maps to 92 checks on various MS-Windows flavors. Using the toolkit on VCM, law enforcement agencies, including state, local, federal, and international partners, can quickly assess Windows configuration and compare it with CJIS Security Policy requirements. Additionally, you can remediate the infringements with a few clicks. Get the product sheet!

VMware CP&C releases PCI DSS 3.1 Compliance toolkit in VCM for VMware vSphere 6.0 and other platforms!

The VMware Center for Policy & Compliance (CP&C) team is pleased to announce the release of PCI DSS 3.1 compliance toolkits for VMware vSphere 6.0 and other platforms – Windows, *NIX, and VMware vSphere 5.5, 5.1 and 5.0 in VMware vCenter Configuration Manager (VCM). The toolkits consist of automated compliance rules to assess your environment against PCI DSS 3.1 requirements.

The PCI Security Standards Council (PCI SSC) quickly updated the standard from 3.0 to 3.1 in the wake of the SSL vulnerability, on 15 Apr 2015. As per the announcement by the PCI council, the revision includes minor updates and clarifications, and addresses vulnerabilities within the Secure Sockets Layer (SSL) encryption protocol that can put payment data at risk. PCI DSS Version 3.1 is effective immediately following its publication on 15 Apr 2015. PCI DSS Version 3.0 will be retired on 30 June 2015.

VMware CP&C releases VMware vSphere 6.0 Hardening Guide Compliance toolkit in VCM!

The VMware Center for Policy & Compliance (CP&C) team is pleased to announce the release of VMware vSphere 6.0 Hardening Guide Compliance toolkit in VMware vCenter Configuration Manager (VCM). The toolkit consists of automated compliance rules to assess your VMware vSphere 6 based virtualized environments against the hardening guide. It covers 100% of the hardening guide recommendations.

The hardening guide has three risk profiles that group the recommendations based on the sensitivity of your environment. You can pick the compliance toolkit for the respective risk profile, or get all the rules at once and then make modifications to suit your sensitivity category.

VMware CP&C releases Major Updates to DISA STIG Windows Compliance toolkit in VCM!

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the updated DISA STIG compliance toolkit for Windows based environments in VMware vCenter Configuration Manager (VCM), a key component in the VMware vRealize Operations (vR Ops). This is a major update to the previously released DISA Compliance Toolkits for Windows based environments. The compliance toolkit product data sheet can be found here.

This toolkit contains the DISA STIGs below:

  • Windows Server 2012 / R2 – DC and MS – STIG Version V1R4
  • Windows Server 2008 R2 – DC and MS – STIG Version V1R12
  • Windows Server 2008 – DC and MS – STIG Version V6R1.26
  • Windows Server 2003 / R2 – DC and MS – STIG Version V6R1.33
  • Windows 7 – STIG Version V1R16
  • Windows 8 / 8.1 – STIG Version V1R6

DC = Domain Controllers
MS = Member Servers

NSX-v 6.1 security hardening guide released for community feedback!

Hi All,
It is a pleasure to announce the release of the much-awaited NSX-v 6.1 security hardening guide to the community for feedback and comments. Now, you can securely deploy NSX-v using the prescriptive guidelines mentioned in the guide.

Take your copy here. If you have something to say about it, please write to nsxhgcomments@vmware.com and we shall get back to you.

Thanks to all the contributors for its success!

Thanks and regards,
Pravin Goyal
RHCE | HP-UX CSA | VCP | MBA | CISSP | GISP | CCSK | CloudU | CompTIA CE | ITIL-F | ITSM-F | CWNA | CWSP | Mobility+

Verify Roles and Features using VCM

Today, I show you how you can ensure you comply with DISA recommendations to have only needed roles and features enabled on various Windows machines using VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops).

This example uses the DISA STIG for Windows 7, Version 1 Release 16, released on 25 Jul 2014.

Below are the DISA recommendations:

  • 5.016 – IIS or its subcomponents must not be installed on a workstation
  • 5.260 – Games must not be installed on the system
  • 5.260 – Simple TCPIP Services must not be installed on the system
  • 5.260 – Telnet Server must not be installed on the system
  • 5.260 – The Telnet Client must not be installed on the system
  • 5.260 – The TFTP Client must not be installed on the system
  • 5.260 – Windows Media Center must not be installed on the system

Ensure DISA Certificate Compliance using VCM

Today, I show you how you can ensure you comply with DISA mandates to have DoD certificates on each Microsoft Windows machine using VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops).

This example uses the DISA STIG for Windows 8 / 8.1, Version 1 Release 6, released on 25 Jul 2014.

Below are the DISA requirements for certificates:

  • WN08-PK-000001 – The DoD Root Certificate must be installed into the Trusted Root Store
  • WN08-PK-000002 – The External CA Root Certificate must be installed into the Trusted Root Store
  • WN08-PK-000003 – The DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate must be installed into the Untrusted Certificates Store
  • WN08-PK-000004 – The US DoD CCEB Interoperability Root CA 1 to DoD Root CA 2 cross-certificate must be installed into the Untrusted Certificates Store

VMware CP&C releases Major Updates to DISA STIG *NIX Compliance toolkit in VCM!

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the updated DISA STIG compliance toolkit for UNIX and Linux based environments in VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops). This is a major update to the previously released DISA Compliance Toolkits for UNIX and Linux based environments. The compliance toolkit product data sheet can be found here.

This toolkit contains the DISA STIGs below:

  • DISA AIX 6.1 V1R2
  • DISA HP-UX V1R4
  • DISA RH-5 V1R6
  • DISA RH-6 V1R3
  • DISA Solaris 10 V1R6
