cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Level 15

Re: Policy Reporting

Jump to solution

Hi Dmjcomputing - policy reporting enhancements are top of the list of things we are working on right now. We plan to include all sorts of new features. I know you all have been asking for this for a while, and rest assured we are on it. 

--C

View solution in original post

0 Kudos
Level 7

Re: Policy Reporting

Jump to solution

I know you say you're "working on it", which is good, but judging by the traffic here it seems to be moving slowly.

 

In the meantime, a few comments:

 

You include a number of canned "Policy Reports". I know these are probably intended just as *examples*, but that's not really clear. When you include rules that have hard-coded IP addresses, like for a syslog destination or an NTP server, they will of course always fail. If one has a manager who takes a look at the product, says "Oooh, compliance reports", then hits you up with hundreds of violations because in our environment, we are not actually logging to 10.10.10.1, or most of our devices are not in Central Standard Time, it's awkward.

 

Oh, also, your NTP rules require Daylight Saving Time settings which have been obsolete for two years.

0 Kudos
Highlighted
Level 15

Re: Policy Reporting

Jump to solution

GeorgeK - thanks for your input. We're definitely working on enhancing the functionality - and I understand what you mean about updating the "out-of-the-box" rules and reports as well. We're on it. Thanks for your patience!

--Christine

0 Kudos
Highlighted
Level 7

Re: Policy Reporting

Jump to solution

Hello, I work with General Dynamics. I have been trying to compile the DISA STIG into NCM with no luck and was wondering if you all have any new developements towards this?

Thanks

Darrell

0 Kudos
Highlighted
Level 15

Re: Policy Reporting

Jump to solution

Hi Darrell - we're in beta right now and should be approaching the RC phase quite soon. I will be reaching out to everyone on this thread to see if you would be interested in participating in the RC. 

--Christine

0 Kudos
Highlighted
Level 12

Re: Policy Reporting

Jump to solution

Hi Christine,

Please count me in as well. Might I also suggest that you add IAVA compliance?

Jon

0 Kudos
Highlighted
Level 15

Re: Policy Reporting

Jump to solution

Hi Jon - are you wanting us to add the report, or just the ability to support those rules? Could you let me know what you're looking for so I can be sure we're tracking it correctly? 

--Christine

0 Kudos
Highlighted
Level 12

Re: Policy Reporting

Jump to solution

A report would be great! IAVA's are alerts sent out to inform the DoD user community of security issues with software. Most of them are for programs and OS'es, but they do send them out for hardware as well. Specifically, we would be interested in IAVA compliance on our network equipment. Thus, if an IAVA was issued stating that all Cisco 2690 switches must be running IOS version x.x.x by date XYZ, we could run a report to see if any of our Cisco 2690's were not compliant. Does this make sense?

Jon

0 Kudos
Highlighted
Level 15

Re: Policy Reporting

Jump to solution

Hi Jon - that does make sense. Thanks for the extra detail. 

--Christine 

0 Kudos
Highlighted
Level 7

Re: Policy Reporting

Jump to solution

That would be great! We have to go through an inspection once a year and its a pain to manually STIG 500+ devices.

 

Thanks again

Darrell

0 Kudos