Hi Dmjcomputing - policy reporting enhancements are top of the list of things we are working on right now. We plan to include all sorts of new features. I know you all have been asking for this for a while, and rest assured we are on it.
--C
Hi Haley,
We are a Dept. of the Army shop, and as such have to comply with DISA Security Technical Implementation Guides (specifically the Network STIG V7R1). Any chance that you guys could get with DISA and come up with compliance reports for the STIGs?
Jon
I second Jon's request!!! The policy reporter policies seem to aim at SOX requirements. I would like to see policies checks applicable to goverment requirements (FISMA, DISCAP). Policy compliance include; NSA/DISA Stigs, CIS at least for now. We're currently having to use the CIS Router Auditor Tool (RAT) tool in order to provide compliance reports. Any assistance would be greatly appreciated.
Not to sound like I am begging (but I am ;-), is there any chance that the DoD/Government compliance reports (i.e. STIG, DIACAP, FISMA, etc.) will be added? We really, really, really need these compliance reports in our environment. Currently, the only way we can do these is manually (RAT works on the routers, but that is all). When you have several hundred devices to maintain, this becomes an unsurmountable task. Please add these compliance reports!
Has anyone had any luck transposing the DISA STIG's into NCM Policies & Rules? The reason I ask is, I am trying to do the same.
If anyone has had any success and would be willling to exchange rules, please let me know.
Thanks,
Jeff
Unfortunately not, and I have not received any feedback from SW about my request to have it added. Now that SW is on the "approved software" list for DoD, I know that a lot of us DoD folks are probably using it. These reports would be a HUGE bennefit for us all!
We're absolutely looking at improvements to Policy Reporting in future releases. In addition to more out of the box reports, we really want to give users the ability to share rules, policies, and reports they've written to help populate content more quickly. If you have Policy Reports that you've already written that you'd be willing to share, please let me know.
Has anyone got an update on the Policy Reports for STIGs. I am too looking for this feature.
One of these days, I am going to try to sit down and see what I can do. Unfortunately, regex has always baffled me, so I am not sure if I will have any luck or not. If I do get something working, I'll definitely post it here.
I would like to see some of these worked out. I know everyone is busy doing other things, but regex also has baffled me. I hope we can get some of these posted.
If there is anyone on this thread that is interested in joining the 6.1 RC - please send me a note. We are starting to provision it now.
--Christine
Hi Christine,
I was just doing some research and ran across something I was not aware of that relates to this. There are now multiple STIGs for different classes of devices and for which layer they are operating at. Most of them were just updated in October, and here is a listing off all of the Networking STIGs that are currently in effect:
Hi Jon - we're focusing on Cisco right now. However, we hope that with the new ability to share compliance content within the community, there will quickly be additions available. I would imagine that compliance reports might require some customization for each individual environment, no matter how comprehensive they are - so we focused on providing a good foundation and making the reports easy to build on.
Once we get the report out - we'll definitely be listening for where we should focus enhancements.
Hello,
Is there a CIS compliant reporter?
Thank You
