This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Compliance validation with hidden commands

I am starting to research the implementation of DISA STIG compliance reports in NCM.  I am discovering that some of the commands (for example,DISA STIG-V8R19-CSCO-OS-L2SW - SSH) only show up in the "show run all" output. The issue with this is NCM is only looking at the running-config and those commands do not appear.

For those of you that are using these reports, how do you prove to auditors that you are compliant? 

I am running NCM 7.8

  • orionfan​ I don't really use the compliance side of NCM, or at least not as intended, but you should be able to add a config type (or change the current) to include "show run all".

    I know it's not exactly what you are asking for, but I just posted something about how I use NCM to manage our Linux servers. Right at the beginning of that post, I show the device template I use. Within that device template, you can see the "Running" command is no longer "show run", and is now "ls -hal". That is pretty much all you would need to do to make the default action run what you want it to.

    Using NCM To Manage Our Linux Servers

    Again, while I use the compliance tools within NCM, I don't really use it the way it was intended. However, maybe just create a new config type, "Running-All" (or whatever works for you), then just have the NCM/compliance jobs download that new config, and process compliance on that new config type.

  • orionfan​ I believe you would need to point the policy towards your new config type, then re-run the compliance report after downloading the new config type from the devices.

    pastedImage_0.png

    I hope I am not too far off track here. Hopefully a  more experienced Thwacker will stop by shortly and make any necessary corrections.

    Thank you,

    -Will

  • This is what I was looking for.  Thanks for your help!