ecklerwr1, You are correct when apply DISA STIGs to the server. Most of the issue is focused around .NET and IIS. I always request a phased approcach to application of Server STIGs to my servers. I have them do a small batch 5-15 at a time so we can go back and fix if needed. I do not have a list of exceptions to give but I would split the list and take it slow.
Thanks. The good news is I think since this is a new IS that everything can be installed without the STIG in effect first... I just don't want to break it all because looking at notes from another installers notes they stated they applied the STIG and it broke NPM so badly they ended up having to completely rebuild the servers again and re-installing the software to get it working again.
I have made some corrections and additions to the Cisco STIG Page. I have added a report that will evaluate all physical ports on your network for the various stigs and requirements. Please feel free to download, modify for you, and let me know about any changes. Enjoy.
All of them. I have let it set over a weekend too, to see if that helps. I did one at a time as well to see if that would make a difference.
This compliance reports getting stuck in caching really irritates me... I have to go into the database and change the status to get ANY compliance reports to run... this isn't a great design I don't think. Also not making it so an admin can fix the problem from the web interface makes it even worse!
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.