cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

DISA STIG Compliance Report

Jump to solution

All,

I have just posted serveral Reports that deal with the DISA STIG Compliance requirements.  Once you have downloaded these reports, please feel free to go through them to make sure they are reporting what you expect.  Do to the nature of variables (Keys, Passwords, Usernames, Access-lists, etc.) there will need to be some modifications.  These modification are marked by the " <  > " signs. 

If you have questions, comments, likes, or dislikes please feel free to write me here or at solarwinds@courtesyit.com.  I appreciate all types of reviews and would like to make this a better product. 

Please keep in mind some of the rules actually require the System Administrator to create documentation for physical inspection by the investigators. 

*IPv6 has not been resolved at this time. 

0 Kudos
1 Solution

Jon,

Thank you very much for your interest and the update on the DISA STIGs.  I am going to look into making some updates here in the next few weeks. 

Thanks,

CourtesyIT

View solution in original post

0 Kudos
18 Replies
Level 13

I have tried to use the Orion integration portion to manage these policies, but I get a download failure.  Since we can download these manually, how do we add them to Orion?  I have looked at the admin guide, and dont see any info on manually importing policies.

0 Kudos

dclick,

Have you received an answer to your question from christine? 

0 Kudos

Not yet.  I am traveling at the moment so may not be until later before I can get back on the boards.

0 Kudos

Hello,

I just noticed that the Network STIGs have been updated as of 4 Feb. What is the policy at SolarWinds for keeping compliance reports updated? The current reports are for "Version: 8 Release: 4 - 29 October 2010". The most recent STIGs are dated "Version 8, Release 5, 28 January 2011". Is there an eta for new compliance reports that reflect these changes?

Sincerely,

Jon

0 Kudos

Jon,

Thank you very much for your interest and the update on the DISA STIGs.  I am going to look into making some updates here in the next few weeks. 

Thanks,

CourtesyIT

View solution in original post

0 Kudos

Hi CourtesyIT,

I was wondering if you have an eta for the STIG report updates?

Jon

0 Kudos

Jon,

Thanks for asking.  I am almost done with the updates.  There was more to them I wanted to do on this round of updates.  I am looking at having them done this weekend. 

 

Thanks,

0 Kudos

Thanks CourtesyIT!

0 Kudos

I have been caught up a little studying for the CISSP exam in May. 

 

Thanks,

Eric

0 Kudos

Good luck with the CISSP! That is one bugger of a test! To this day, I'm not sure how I passed it 😉

Jon

0 Kudos

Version 8 Release 5 has been uploaded. 

0 Kudos

CourtesyIT,

Thanks for providing the information.  I just downloaded Version R5.  I am in the process of setting up my lab to test NCM and STIG compliance.  My assumption is that I can import the various XML files into NCM and validate my device configurations against those standards.  Is that correct?  Do you have any suggestions on reference materials that may help me get up to speed quicker?

Hope you test goes well!

Thanks,

Tom

0 Kudos

Tom, 

You should be able to import the xml files from the web gui using the integration module for NPM/NCM.  Once you have done that you will need to go through the different rule and modify to fit you configuration parameters. 

If you need reference models for Cisco devices you should probably pick up a couple of the Cisco Press Books. 

Good luck with it and let me know if there is anything else I can help you with.

Thanks,

0 Kudos

I don't have an internet connection on our system, so I have downloaded the reports and need to manually add them.  I there a procedure to manually add them to NCM?

Jim

0 Kudos

Hi Zoomee99 - are you running the NCM/NPM integration? If so, this is a piece of cake. Just go to "manage policy reports" click "import" on the menu bar, and you can choose the location of the files from your hard drive.

--Christine

0 Kudos

Thank you,

Jon

0 Kudos
Level 13

Hi CourtesyIT--

Where did you post these reports? I'm assuming it's on the Content Exchange? Can you let me know?

M

0 Kudos

I have posted them on Thwack using the SolarWinds-Orion-NCM-v6.1-NPM-Integration module. 

thanks,

Eric

0 Kudos