We are happy to announce that version 7.4 of SolarWinds Network Configuration Manager ships the DISA STIG, NIST FISMA, and PCI DSS compliance reports out of the box. Wait -- that's not all! For DISA STIGs, we now support Brocade, Dell, Cisco, Juniper, and Palo Alto. The NIST FISMA and PCI reports have been developed for Cisco.

Simply select any of these new report(s) that you wish to run and “enable” them by following the steps outlined below.

 

Corresponding instructions for older versions of NCM can be found here: DISA STIG Resources for SolarWinds NCM (Now also for Juniper!). Also, don't miss a similar post for LEM: DISA STIG Compliance with Log & Event Manager.

 

How to enable the new compliance checks?

 

  1. Enter the compliance management interface: Configs tab / Compliance view / Manage Policy Reports.

    Manage-Reports.png

  2. Select the reports you are interested in and enable them.

    Enable-Reports.png

  3. Update the reports.

    Update-Reports.png

  4. Compliance status of your network is ready!

    Check-Results.png

Further recommendations

  • Make sure the reports you are interested in are displayed in the Policy Violations summary resource. (Policy Violations resource / Edit)

    Edit-Violations-Resource.png  Violations-Resource.png

  • Customize the violation severity labels to match your needs. (Settings / NCM Settings / Manage Violation Levels)

    Manage-Violation-Levels.png  Violations-Resource-CAT.png

  • Look for Cisco firmware vulnerabilities.
    If network security is a concern in your organization, you should definitely use this new capability of NCM -- run a nightly vulnerability assessment based on recent CVE data provided by the National Vulnerability Database -- NVD (by NIST). NCM will download and process the CVE data in a SCAP-compatible way and will notify you of potential vulnerabilities, provide detailed information and let you take an appropriate action. This security scan works even if your NCM server is not connected to the Internet -- you just have to download the datafiles manually.

    Wait for the nightly update or force the scan manually in Settings / NCM Settings / Firmware Vulnerability Settings / Run Now
    (See the below referenced NCM 7.4 RC blog post for more screenshots and details.)

    Firmware-Vulnerabilities.png

  • Check other new features of NCM 7.4
    All details are available here: Network Configuration Manager v7.4 Release Candidate is Available!
    Quick start:

    Whats-New.png

Miscellaneous

  • Please note that the US Army has granted a Certificate of Networthiness (CoN) to NCM V 6.0. CERT-201109082. CoN has also been granted to NPM, SAM (APM), NTA and Engineer's Toolset.
  • The following SolarWinds products are Common Criteria EAL 2 certified by the NIAP: NPM, SAM (APM), IPAM, NTA, VNQM, NCM, EOC. Our Validation ID is 10453
  • You can also find Federal Information Security Management Act (FISMA) / NIST reports for NCM 6.1, on Thwack.com (same installation procedure applies)
  • Did you know that Gartner positions NCM in their research “MarketScope for Network Configuration and Change Management”, Deb Curtis, David Williams, 31 March 2010, ID Number: G00175140, as follows:
    • NCM is the most widely deployed of the products meeting Gartner’s criteria for evaluation (except CiscoWorks)
    • NCM is rated in the top tier (Positive / Strong positive) with the “Big-4”
  • A reference to SolarWinds (NPM) in the SIGNAL Online article “Marines Revolutionize Network In Southwest Afghanistan