Home > Blogs > VMware Security & Compliance Blog > Tag Archives: Compliance

Tag Archives: Compliance

VMware CP&C releases PCI DSS 3.0 Compliance toolkit for Windows Environments in VCM!

CPC LogoThe VMware Center for Policy & Compliance (CP&C) is pleased to announce the availability of Payment Card Industry Data Security Standard (PCI DSS) 3.0 Compliance toolkit for Windows Environments in VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops) suite.

PCI DSS 3.0 comes into effect from January 1, 2014. PCI DSS 3.0 compliance toolkit for VMware vSphere based virtual environment and PCI DSS 3.0 Compliance toolkit for *NIX based environments were released earlier this year.

PCI DSS 3.0 compliance Windows toolkits are available for below environments:

Windows Server 2003 (DC and MS)
Windows Server 2003 R2 (DC and MS)
Windows Server 2008 (DC and MS)
Windows Server 2008 R2 (DC and MS)
Windows Server 2012 (DC and MS)
Windows Server 2012 R2 (DC and MS)
Windows 7
Windows 8
Windows 8.1

*Legends*
DC = Domain Controller
MS = Member Server

You can download the packages using Compliance Content Wizard tool in VCM or from VMware solution exchange and begin to use them.

Keep in mind that VCM manages not only virtual environments, but covers physical as well. It is the market leader in Configuration Audit, Change Detection, Patch Management and COMPLIANCE content. With new additions such as Scripted Remediation Framework, high level of OS patch automation with auto deploy functionality, Easy install and setup, SCAP based compliance and a new look and feel, it is better than ever before!

Come, join the journey to Start Green Stay Green!

Thanks and regards,
Pravin Goyal,
RHCE | HP-UX CSA | VCP4-DCV | MBA | CISSP | GISP | CCSK | CloudU | CompTIA CE | ITIL-F | ITSM-F

VMware CP&C releases PCI DSS 3.0 Compliance toolkit for *NIX Environments in VCM!

CPC LogoThe VMware Center for Policy & Compliance (CP&C) is pleased to announce the availability of Payment Card Industry Data Security Standard (PCI DSS) 3.0 Compliance toolkit for UNIX and Linux Environments in VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops) suite.

PCI DSS 3.0 comes into effect from January 1, 2014. PCI DSS 3.0 compliance toolkit for VMware vSphere based virtual environment was released earlier this month.

Continue reading

VMware CP&C releases PCI DSS 3.0 Compliance toolkit for Virtual Environments in VCM!

CPC LogoThe VMware Center for Policy & Compliance (CP&C) is pleased to announce the availability of Payment Card Industry Data Security Standard (PCI DSS) 3.0 Compliance toolkit for Virtual Environment in VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops) suite.

PCI DSS 3.0 comes into effect from January 1, 2014. We churned it pretty quickly and now have the PCI DSS 3.0 compliance toolkits available for below VMware vSphere based virtual environments:

VMware vSphere 5.0
VMware vSphere 5.1
VMware vSphere 5.5

Continue reading

VMware CP&C releases vSphere 5.5 Compliance Checker!

VMware Center for Policy and Compliance (CP&C) team is pleased to announce the general availability of VMware vSphere 5.5 Compliance Checker – an excellent FREE tool to get you started with compliance assessment of your virtual infrastructure with respect to vSphere 5.5 hardening guide.

The tool can be downloaded here.

You can use this tool for vSphere 5.0, 5.1 and 5.5.

While these simple Compliance Checkers provide some basic functionality and benefits, VMware also offers VMware vCenter Configuration Manager, which automates configuration and compliance management across your virtual, physical and cloud environments, assessing them for operational and security compliance. It comes with capabilities such as compliance management, change management, patch management, software inventory management and other useful features.

vCenter Configuration Manager is a component of VMware vCenter Operations Management Suite, which helps you manage the performance, capacity and configuration of your virtual and physical infrastructure.

So, what are you waiting for? Grab these checkers quickly and roll on the compliance!

Come, join the journey to Start Green Stay Green!

Thanks and regards,
Pravin Goyal
RHCE | HP-UX CSA | VCP | MBA | CISSP | GISP | CCSK | CloudU | CompTIA CE | ITIL-F | ITSM-F

VMware CP&C releases DISA vSphere 5.0 Compliance toolkit for VCM!

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the availability of The Defense Information Systems Agency (DISA) VMware vSphere 5.0 compliance toolkit for VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite. (vC Ops). The benchmark availability announcement was made on 09-Aug-2013 and we churned it pretty quickly!

 

Continue reading

VMware CP&C releases NERC Unix Compliance toolkit in VCM!

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the availability of The North American Electric Reliability Corporation (NERC) UNIX compliance toolkit in VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite. (vC Ops). The toolkit is aligned with CIP version 4 for Cyber Security.

 

 

  • Rules mapped to CIP section nos. for easy traceability
  • Rules for AIX, HP-UX, Solaris, RHEL 5 and RHEL 6
  • 4 collection filter sets containing 92 collection filters totally
  • 5 Rule Groups and 6 Templates containing 413 rules in total
  • A great new dashboard

You can download the packages using VCM Content Wizard and begin to use it.

Continue reading

CIS and DISA CP&C toolkit update

Hi All,

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the availability of latest Center for Internet Security (CIS) and Defense Information Security Agency (DISA) Compliance toolkit packages for VMware vCenter Configuration Manager (VCM).

The highlights of this release are as below:

  1. CIS has new content for
    • AIX 5.3-6.1 and
    • RHEL 6
  2. DISA has new content for
    • HP-UX 11.23 and 11.31
    • Solaris 10
    • AIX 6.1 and
    • RHEL 5

Continue reading

VMware CP&C releases IRS 1075 Content in vCM!

The VMware Center for Policy & Compliance (CP&C) is pleased to announce the release of IRS 1075 content in vCenter Configuration Manager. vCM, a key component in the vCenter Operations Suite. (vC Ops)

The purpose of 1075 is to protect Federal Tax Information (FTI) and secure Safeguards for Protecting FederalTax Returns and Return Information.

Introduction to IRS 1075 for Virtualization

To Utilize a Virtual Environment that receives, processes, stores or transmits FTI, the agency must meet the following mandatory notification requirements: 

Notification Requirements 

  • If the agency’s approved SPR is less than six years old and reflects the agency’s current process, procedures and systems, the agency must submit the Virtualization Notification, which will serve as an addendum to their SPR.
  • If the agency’s SPR is more than six years old or does not reflect the agency’s current process, procedures and systems, the agency must submit a new SPR and the Virtualization Notification.

 

With the IRS 1075 content in vCM, our customers will be able to get great dashboard to track their Compliance posture:

IRS.1

You can also break down the compliance results by data type to see where most of your infractions are coming from:

IRS.2

From there, you can see the individual rules behind the content that is surfaced in our dashboards. In this release we provided 5 Rule groups, 2 templates and 104 rules:

IRS.3

Keep in mind that vCM manages not only virtual enviroments, but covers physical as well. It is the market leader in Configuration Audit, Change Detection, Patch Management and COMPLIANCE content. Yes! That is right, we can also remediate non compliant results with a right click in both the virtual and physical world! vCM even has VDI (VIEW) hardening guidelines. Look for our Mobile Compliance Content coming soon… 

Also, don't forget about the VMware CP&C FREE compliance checkers! 

https://my.vmware.com/web/vmware/evalcenter?p=compliance-chk&lp=default

The IRS 1075 guidelines are available today and can be downloaded using the vCM Content Wizard.

Feel free to hit us up with questions & comments at:

Hasta La Vista,

George Gerchow – Director, VMware Center for Policy & Compliance

 

 

 

VMware CP&C releases a FREE vSphere 5.0 hardening guideline compliance checker!

I am hanging out in NYC finishing Cloud Expo East where we delivered a rousing session on Cloud Audit & Control with Coalfire AND CP&C is now VERY pleased to announce the release of our FREE vSphere 5.0 compliance checker! Last week we rolled out the 5.0 hardening guidelines in vCenter Configuration Manager (vCM) making it the first product on the planet to have the 5.0 content for our customers. Today, we are giving you access to a FREE vSphere 5.0 compliance checker! How awesome is that?

It is so easy to download and use that you can run it while watching Euro Cup with the sound of GOOOOOOAAAAAALLLLLLLLL!!!!!!!!!! In the background!

 Here is how the vSphere 5.0 Compliance Checker works: 

  • The Compliance Checker runs an assessment on 5 host systems at a time! (The 1st five being managed by an instance of vCenter Server)

 

  • The assessment is based on a predefined subset of the 5.0 Hardening Guidelines Content that currently exist today in vCenter Configuration Manager (vCM) Part of the vCenter Operations Manager Suite (vCo Ps)

 

  • The results for each host includes the rules, the rule descriptions, and the success or failure of each rule

 

 Check out the following results report from the vSphere 5 Checker

ComplianceReport

All you have to do is authenticate into the vCenter box that you want to assess hosts on.

VSphereCC

The VMware Center for Policy & Compliance FREE Checkers are sweeter than bacon and designed to get you hooked & come back for more! 

Here is the link so you can get started hardening your vSphere Environment today. (Remember, we have FREE checkers for vSphere 4.0 & 4.1 AND for PCI 2.0 Windows & Linux)

http://www.vmware.com/go/free-compliance-check-for-vsphere

Next, look for CP&C to release a HIPAA Checker that will be hotter than the Miami HEAT!

Now this poses a few questions and we would love to get your feedback: 

1. Are free tools like this helpful?

2. How do you currently lock down your vSphere environment?

3. Would remediation of the non-compliance results be a good next step?

4. Do you care about regulatory compliance & vendor best practices? If so, which ones? (PCI, HIPAA, DISA, CIS…) 

Jump in the discussion on any of our social media channels – blogs, Twitter, Facebook, or community forum: 

 

Cambio y Fuera!

George Gerchow – Director, VMware Center for Policy & Compliance


 

VMware Center for Policy & Compliance (CP&C) releases vSphere 5.0 hardening guidelines in vCenter Configuration Manager! (vCM)

CP&C is pleased to announce the most anticipated content release to date in vCM, the VMware vSphere 5.0 hardening guidelines! As critical component of the vC Ops suite, vCM is the FIRST product in the market today to have the official GA version of the vSphere 5.0 Hardening Guidelines. This is just another significant step in our Trusted Cloud initiative in helping customers migrate tier one applications to the VMware Cloud Infrastructure Suite.

What does this mean to VMware vCM customers who want to make sure their virtual systems are compliant?

5 new rule groups and two brand new templates:

  VSphere 5.0 p1

 Brand new 5.0 hardening guideline collection filters:

VSphere 5.0 p2

Great executive compliance results and trending dashboards:

VSphere 5.0 p3

You can quickly move from Dashboards to details and see the out of compliance data classes, here is a small sample, there are so many that I cannot get a full coverage screen shot!

VSphere 5.0 p4

Add this DEEP virtualization compliance data to the rich cross platform, heterogeneous change detection, configuration\ patch management, best practices and regulatory compliance content vCM has today & you will be well on your way to successfully hardening your environment. (Yes, I did say Virtual, Physical, Windows, Linux, Servers, Desktops\ VDI…) This is better than bacon!

Whhheeeeewwwww, I ran of breath reading it back.

The guidelines are available today and can be downloaded using the vCM Content Wizard.

 Feel free to hit us up with questions & comments at:

Hasta La Vista,

George Gerchow – Director, VMware Center for Policy & Compliance