cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Everything DISA STIGs for your Network

Jump to solution

Introduction

This page will be the Main Page for all DISA STIG information provided by CourtesyIT.  The intent is to follow this page to alert you to new content and discussions about being DISA STIG Compliant. Please feel free to message me if you would like any STIG\Vendors packages developed that are not listed here.

This page is not endorsed by DISA or Solarwinds, but merely one interpretation of the requirements.  Community involvement is encouraged.

Directory

1. Getting Started

This link will be to discuss ways to get started and how this process and capability can work for you..

How to Use the Compliance Feature in Solarwinds.pdf

How to Create a Policy Report.pdf

2.  How to Create a STIG Dashboard and View

This link will provide a document for you to download and build a Dashboard to show your success with the NCM Compliance feature.

DISA STIG Dashboard

3.  Reports by Vendor

These links will be based on Vendor STIGs.  For best results, please download these reports through NCM.  Navigate via Configs Tab > Compliance > Manage Policy Reports > Shared on Thwack Tab.

Cisco Systems

Juniper Networks

Brocade

Dell Switches

Palo Alto

F5

A10 Networks

Arista Networks

Riverbed

HP FlexFabric

4. Master List (A-Z)

      DISA STIG Master List (A-Z)

        5. Other Customization's

This link is a random sampling of various customization's I found through some Thwackers Content pages. 

How to do various customizations with your Solarwinds

6. Need Help? 

          Option 1.  If you organization is interested in short/long term engagements, you can contact me on Thwack or Solarwinds@CourtesyIT.com

          Option 2.  If you are a DoD Organization you can reach me on any of the email systems or through your Solarwinds Federal Sales Representative.

          Option 3.  If you are interested in NCM Compliance Training.  Please contact Loop 1 Systems for course details.

          Option 4.  If you would help in getting started, send me a configuration (minus key, hashes, and strings) and I can help get you started.

..........................................................................

.........................................................................

..........................................................................

.Living Document. Please Bookmark.

Labels (1)
1 Solution

For best results, please download these reports through NCM.  Navigate via Configs Tab > Compliance > Manage Policy Reports > Shared on Thwack Tab.

View solution in original post

43 Replies

michael.t.koehler.ctr@mail.mil‌ and 31cs.scoi.1@us.af.mil‌ was the error above the one you were seeing?

I have forwarded and notify the product manager to help investigate this issue.  Thank you for your patience.

V/R

Eric

0 Kudos

All,

The problem is caused by some extra text that gets appended to the XML when the report is exported from NCM directly to thwack.

Policy-Report-Scrambled.png

Before we find a permanent solution, may I ask CourtesyIT‌ to re-post the reports exported as file?

Whoever needs these reports immediately may download them and delete the extra characters after the </PolicyReport> tag.

Jiri

michael.t.koehler.ctr@mail.mil

You may need to bring the template down from inside NCM as opposed to the forum.  Then move it over to your other network and import. 

Thanks,

Eric

0 Kudos

Our network accreditation prohibits any connections to the internet.  It makes things difficult.

0 Kudos

do you have NCM on your internet connected network?

0 Kudos

No, I don't.

Eric sent me a file (I think an export from NCM), and I was able to import that fine.

0 Kudos

For best results, please download these reports through NCM.  Navigate via Configs Tab > Compliance > Manage Policy Reports > Shared on Thwack Tab.

View solution in original post

i have tried to download them via the shared on thwack site and i get a set of XML errors after i put in my user and PW. other policies DL ok but all of yours error out?

ideas?

EDIT:

also when i pulled all of the files i might be able to use i noticed that your STIG-V8R19-CSCO-OS-L2SW - VTY and Console entry is actually the user access file when you go to download it.

0 Kudos

I am having the same issue as Michael.  I have a server with NCM on a non-internet connected system, and I am unable to import the .xml files.

I am an Administrator on the machine as well.  I feel many of the people that will be downloading these STIGs have systems deployed on servers that are either non-internet connecting or their Administrative credentials will prevent them from browsing the Internet.  Can you load the generic NCM exports for the STIGs?

Thanks

0 Kudos

I am attempting to recreate the issue.  cvachovecj‌ I wanted to see if you had similar issues. 

Download the files, move them to disc, move files from disc to another desktop, upload into NCM via compliance "Import" button.

Question:  Are you downloading from Thwack or from inside NCM?

0 Kudos

I downloaded them from this forum burned to disc and transferred them to the My Documents folder on the NCM machine (that has no internet access).

In Orion Console, I click the Configs tab, then click Compliance.  There, I click Manage Policy Reports (the one with the pencil icon at the top of the column of existing reports) which takes me to the Manage Reports tab.  There, I click import, then browse and select one of the files (I tried 8 or 10 different ones) then click import.  It then says Unable to read xml file or wrong file format.

0 Kudos

Sorry, what issue do you mean? It's a bit difficult to recognize what you are replying to.

Jiri

0 Kudos

How do you import these into NCM?

Thanks.

0 Kudos

Navigate here:

Configs Tab > Compliance Section > Manage Reports Selection > Shared on Thwack Selection Tab.  Check a box for the template you would like and import.

It will show up as an Unknown or No Folder Section.

Thanks,

Eric

Thanks for the quick reply Eric.

I neglected to mention that this is on a stand-alone network.  I have to sneaker-net them.

0 Kudos

Did you get my email?  we can move the conversation to there it needed. 

0 Kudos

Hi Eric.

Thanks for the reply.

How would I do it without an internet connection? I’ve downloaded the applicable STIG files and moved them to the NCM machine. I don’t see how to import them, though.

Mike

0 Kudos

You should be able to import once you get to Manage Policy Reports.  Browse to the file location.  You may need to get a sys admin on there to allow you to that piece depending on how much they have your workstation locked down. 

0 Kudos

I get “unable to read xml file, or wrong file type” message. I tried half a dozen different ones.

I am an administrator on the machine.

0 Kudos

please check your mail.mil account.

0 Kudos

I get the same thing is there a fix for that?

0 Kudos