CourtesyIT - thanks for the STIG reports and rules.
Quick question: For items that require manual checking, e.g. "NET1734 - V17857 - SNMP stored for 30 days". Is the intent of the rule to remind the NetAdmin to manually verify the configuration? If so, once that is complete, should the NetAdmin delete this rule, or add some type of comment within the config file to "confirm" the manual activity?
Thank you for the feedback.
My interpretation of the rule is that the Network Administrator is to keep SNMP traps on the system for 30 days and back them off onto disk, which should be held in secure storage for 1 year. I was unable to develop a rule to check for this so manual verification was required.
I have reviewed the latest version of the STIGs and have noticed that this particular rule has been deleted. I will be reviewing the STIGs and will upload the latest version in a couple of weeks.
Thanks for the response. I will be providing a high-level overview of the NCM product and how to use it for DISA STIG compliance to my teammates early next week. Your answers have helped me tremendously. I have imported a few DISA Reports from your templates. I notice that upon importing the XML template, they become standalone reports, e.g. one for AAA, IPV4 to IPV6...etc. Whereas, the STIG guides separate out into "Switch L2", "Switch Layer 3", "Routers", "Perimeter router", etc.
I would like to figure out how to apply custom reports that mirror the STIG guidelines (Switch L2, Switch L3, perimeter router...etc) to specific groups of Assets, e.g. "Perimeter routers report composed of select rules from your XML templates applied to Router A & Router B." My thought is to import all your DISA templates, then create a custom report with custom policy built from rules created by your XML template import, then associate the report to Router A & Router B. Do you think this will work? Is there a better way to do this?
I broke it down for two reasons:
1. With all the rules for a functional device the report becomes unwieldy.
2. With smaller reports you are able to focus or delegate a particular technology/protocol for remediation.
If you go to my profile you should see some documents that will help you out in developing your functional device reports.
Hope this helps. If you need something else developed feel free to ask.
I tried to import the DISA STIG XML file for the policy report. I tried to upload it through the Import Policy Report, and I get this error:
Unable to read xml file or wrong file format.
Is this the proper way to update the STIG?