Compliance validation with hidden commands

I am starting to research the implementation of DISA STIG compliance reports in NCM. I am discovering that some of the commands (for example, DISA STIG-V8R19-CSCO-OS-L2SW - SSH) only show up in the "show run all" output. The issue with this is that NCM is only looking at the running-config, and those commands do not appear.

For those of you that are using these reports, how do you prove to auditors that you are compliant? 

I am running NCM 7.8


orionfan​ I don't really use the compliance side of NCM, or at least not as intended, but you should be able to add a config type (or change the current) to include "show run all".

I know it's not exactly what you are asking for, but I just posted something about how I use NCM to manage our Linux servers. Right at the beginning of that post, I show the device template I use. Within that device template, you can see the "Running" command is no longer "show run", and is now "ls -hal". That is pretty much all you would need to do to make the default action run what you want it to.

Using NCM To Manage Our Linux Servers

Again, while I use the compliance tools within NCM, I don't really use it the way it was intended. However, maybe just create a new config type, "Running-All" (or whatever works for you), then just have the NCM/compliance jobs download that new config, and process compliance on that new config type.

orionfan​ I believe you would need to point the policy towards your new config type, then re-run the compliance report after downloading the new config type from the devices.

I hope I am not too far off track here. Hopefully a more experienced Thwacker will stop by shortly and make any necessary corrections.

Thank you,

-Will

This is what I was looking for.  Thanks for your help!