DISA
New DISA Oracle Linux 8 STIG audits

Summary
Customers can now measure compliance against Oracle Linux 8 using the new DISA Oracle Linux 8 audits. These audits can now be downloaded from Tenable's download portal found at: https://www.tenable.com/downloads/configuration-audit-policies.

Tenable Audit Files
DISA Oracle Linux 8 STIG v1r1

Target Release Date
Immediate

Additional Notes:
The audits include checks for evaluating Oracle Linux 8 systems. To obtain the latest version of the STIG please visit https://public.cyber.mil/stigs/.

New Audit Attachments: Gold Image, XCCDF, and JSON

Summary
To support additional functionality and the export of compliance results, the following plugins have been developed:

- Compliance Export Gold Image Audit (174791) - a plugin that gathers the results of an existing compliance scan and creates a “gold” image audit using the “known good” feature. The expected use of this feature is to scan a baseline target in your infrastructure, and then use the resulting audit to scan the rest of the targets to gauge how closely they match the baseline. This will replace the functionality that was previously provided by the python script at https://github.com/tenable/audit_scripts/tree/master/baseline.
- Compliance Export JSON (174790) - a plugin that gathers the results of an existing compliance scan and creates a JSON file attachment for each audit file that was executed on the scan targets. The JSON file will include data about the audit file, the scan, and the compliance results. The expected use of the files is to provide more precise export of compliance data from individual scan results.
- Compliance Export XCCDF (174792) - a plugin that gathers the results of an existing compliance scan and provides the results in XCCDF format. The expected use of these files is to be imported into tools like STIG Viewer. A single XCCDF will be attached to the plugin for each audit file that contains DISA references.

Each of these plugins has to be enabled using the advanced general preferences found in the Policy Compliance Auditing and Advanced scan templates. The preference names are:

- Generate gold image .audit
- Generate XCCDF result file
- Generate JSON result file

When the plugins are enabled and compliance results have been generated, the results become available in the Vulnerability category with the files attached to the plugin results. All preferences are turned off by default, and it is recommended to enable them only in instances where the attached files are required.

Target Release Date
Sep 15, 2023

Additional Notes
Initial release is for Nessus and Tenable Vulnerability Management only. The preferences will be added to Tenable Security Center at a later date.

New DISA STIG Microsoft Windows 11 v1r1 Audit File

Summary
Customers can now measure compliance against the latest release of the Microsoft Windows 11 v1r1 STIG from DISA with the new DISA STIG Microsoft Windows 11 v1r1 audit. The Tenable audit covers the Windows 11 STIG guidance by evaluating over 270 compliance checks. This includes account and local policies, system service checks, file system checks and many more. To get started please review our Windows Credential Scanning documentation on how to configure your Windows 11 targets for Tenable Compliance Configuration Scanning.

Tenable Audit Files
DISA Windows 11 STIG v1r1
The audits can be downloaded from the Tenable Audits Portal.

Date of Release
Immediate

DISA STIG Networking Audits Being Retired

Summary
With the release of more specific guidance by DISA or the End of Life (EOL) for some products, a number of Tenable audits are being retired. Where applicable, a suggested replacement audit has been noted.

Removed Tenable Audits

Cisco
- DISA_STIG_Cisco_Perimeter_L3_Switch_V8R32.audit
- DISA_STIG_Cisco_Perimeter_Router_V8R32.audit
- DISA_STIG_Cisco_Infrastructure_Router_V8R29.audit
- DISA_STIG_Cisco_Infrastructure_L3_Switch_V8R29.audit
  Replacements for Perimeter/Infrastructure, depending on target OS:
    https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_Switch_RTR_v2r1
    https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_Switch_NDM_v2r3
    https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_Switch_L2S_v2r2
    https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_XE_Switch_NDM_v2r2
    https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_XE_Switch_RTR_v2r1
    https://www.tenable.com/audits/DISA_STIG_Cisco_IOS_XE_Switch_L2S_v2r2
    https://www.tenable.com/audits/DISA_STIG_Cisco_NX-OS_Switch_RTR_v2r1
    https://www.tenable.com/audits/DISA_STIG_Cisco_NX-OS_Switch_L2S_v2r1
- DISA_STIG_Cisco_Firewall_V8R25.audit
  Replacements:
    https://www.tenable.com/audits/DISA_STIG_Cisco_ASA_NDM_v1r1
    https://www.tenable.com/audits/DISA_STIG_Cisco_ASA_VPN_v1r1
    https://www.tenable.com/audits/DISA_STIG_Cisco_ASA_FW_v1r2

Juniper
- DISA_STIG_Juniper_Perimeter_Router_V8R32.audit
  Replacements:
    https://www.tenable.com/audits/DISA_STIG_Juniper_Router_NDM_v2r1
    https://www.tenable.com/audits/DISA_STIG_Juniper_Router_RTR_v2r3
- DISA_STIG_Juniper_Infrastructure_Router_V8R29.audit
  Replacements:
    https://www.tenable.com/audits/DISA_STIG_Juniper_Router_NDM_v2r1
    https://www.tenable.com/audits/DISA_STIG_Juniper_Router_RTR_v2r3

Target Release Date
September 1, 2022

Tenable Audits Being Retired

Summary
With the release of alternative guidance by CIS, DISA and product vendors or the End of Life (EOL) of products, a number of Tenable audits are being retired. Where applicable, a suggested replacement audit has been noted.

Removed Tenable Audits

Unix
- TNS IBM WebSphere Application Server 9 Linux
  Replacement: DISA IBM WebSphere Traditional v1r1
- TNS Oracle WebLogic 10 Security Guide Linux
  Replacement: DISA Oracle WebLogic Server 12c v2r1
- TNS Oracle WebLogic 11 Security Guide Linux
  Replacement: DISA Oracle WebLogic Server 12c v2r1

Windows
- DISA STIG Access 2007 v4r9
  Replacement: DISA Office 2010 Access or newer
- DISA STIG Excel 2007 v4r9
  Replacement: DISA Office 2010 Excel or newer
- DISA STIG InfoPath 2007 v4r9
  Replacement: DISA Office 2010 InfoPath or newer
- DISA STIG MS Office Access 2003 v4r3
  Replacement: DISA Office 2010 Access or newer
- DISA STIG MS Office Excel 2003 v4r3
  Replacement: DISA Office 2010 Excel or newer
- DISA STIG MS Office Infopath 2003 v4r3
  Replacement: DISA Office 2010 InfoPath or newer
- DISA STIG MS Office Outlook 2003 v4r3
  Replacement: DISA Office 2010 Outlook or newer
- DISA STIG MS Office PowerPoint 2003 v4r3
  Replacement: DISA Office 2010 PowerPoint or newer
- DISA STIG MS Office Word 2003 v4r3
  Replacement: DISA Office 2010 Word or newer
- DISA STIG OfficeSystem 2007 v4r9
  Replacement: DISA Office System 2010 or newer
- DISA STIG Outlook 2007 v4r9
  Replacement: DISA Office 2010 Outlook or newer
- DISA STIG PowerPoint 2007 v4r9
  Replacement: DISA Office 2010 PowerPoint or newer
- DISA STIG Word 2007 v4r9
  Replacement: DISA Office 2010 Word or newer
- TNS IBM WebSphere Application Server 9 Windows
  Replacement: DISA IBM WebSphere Traditional v1r1
- TNS Oracle WebLogic 10 Security Guide Windows
  Replacement: DISA Oracle WebLogic Server 12c v2r1
- TNS Oracle WebLogic 11 Security Guide Windows
  Replacement: DISA Oracle WebLogic Server 12c v2r1

Juniper
- TNS Juniper ScreenOS Best Practices Audit
  Please see https://support.juniper.net/support/eol/product/netscreen_hw/ for end of life status of NetScreen/ScreenOS products

Target Release Date
January 4, 2022

Additional Notes:
As with any new audit or significant update, the items tested may vary and the results of a scan could be very different. We urge customers to always review and understand the contents of any new audit files before they are implemented in a scan.

New DISA Oracle MySQL 8 STIG v1r1

Summary
Customers with Oracle MySQL 8 instances can now examine their installations’ compliance with Tenable's audit files based on the Oracle MySQL 8 DISA STIG v1r1.

DISA STIG
DISA Oracle MySQL 8 STIG version 1 release 1

Target Release Date
Immediate Release

Additional Notes
The DISA STIG ZIP package found in the "see also" section includes the U_MySQL80Audit.sql.pdf file that contains example filters that can be created for use with the MySQL Enterprise Audit product to assist in meeting STIG requirements. The STIG is intended for use with MySQL Database version 8.0 installed on a RHEL or CentOS environment.

BlueCoat ProxySG Visual Policy Manager Enhancement

Summary
The BlueCoat ProxySG compliance plugin is being enhanced to support processing and evaluation against the Visual Policy Manager (VPM) configuration. This configuration is stored on the target device as XML. A new check type is being added to the plugin as 'AUDIT_XML_VPM'. This check type supports the usage of XSL transformations to select data for evaluation.

Tenable Plugins
70470 - BlueCoat ProxySG Compliance Plugin

Target Release Date
Immediate Release

Example:
The following custom_item will return the output of the Client Cipher name and values for evaluation.

    <check_type:"BlueCoat">
    <custom_item>
      type        : AUDIT_XML_VPM
      description : "AUDIT_XML_VPM Client Cipher"
      xsl_stmt    : "<xsl:template match=\"vpmapp\">
    <xsl:text>Client Cipher Name - </xsl:text><xsl:value-of select=\"conditionObjects/clnt-cipher/@name\"/><xsl:text> </xsl:text>
    <xsl:text>Client Cipher Values - </xsl:text><xsl:value-of select=\"conditionObjects/clnt-cipher/@v\"/>
    </xsl:template>"
      expect      : "ECDHE-RSA-AES256-GCM-SHA384"
    </custom_item>
    </check_type>

Additional Notes:
DISA STIG content will be updated to support this new feature. Customers currently using the DISA STIG Symantec ProxySG ALG and NDM audits will begin to see updated check content soon. Please be on the lookout for the next Release Highlight for the audit updates!

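An offline dry run of the selection made by the AUDIT_XML_VPM custom_item in the BlueCoat ProxySG entry above, added here as an example and not Tenable's code. The sample XML is constructed from the XPath in the xsl_stmt, the function names are hypothetical, and two behaviours are assumed rather than documented on this page: XSLT 1.0 semantics (value-of reads only the first matching node) and regex matching for expect.

```python
import re
import xml.etree.ElementTree as ET

# Constructed VPM export. Element and attribute names follow the XPath in the
# xsl_stmt; the object names and the second cipher object are made up.
SAMPLE_VPM = """<vpmapp>
  <conditionObjects>
    <clnt-cipher name="ClientCiphers_Strong" v="ECDHE-RSA-AES256-GCM-SHA384"/>
    <clnt-cipher name="ClientCiphers_Legacy" v="AES128-SHA"/>
  </conditionObjects>
</vpmapp>"""

CIPHER_PATH = "conditionObjects/clnt-cipher"  # path selected by the xsl_stmt
EXPECT = "ECDHE-RSA-AES256-GCM-SHA384"        # expect value from the custom_item


def render_first(xml_text):
    """Text the template would emit if value-of reads only the first node
    (XSLT 1.0 behaviour, assumed here for the plugin)."""
    root = ET.fromstring(xml_text)
    if root.tag != "vpmapp":                  # template only matches vpmapp
        return ""
    node = root.find(CIPHER_PATH)
    name = node.get("name", "") if node is not None else ""
    value = node.get("v", "") if node is not None else ""
    return f"Client Cipher Name - {name} Client Cipher Values - {value}"


def check_passes(xml_text, expect=EXPECT):
    """Assumption: expect is applied as a regex to the rendered output."""
    return re.search(expect, render_first(xml_text)) is not None


def all_cipher_objects(xml_text):
    """Every clnt-cipher object as (name, value), not just the first."""
    root = ET.fromstring(xml_text)
    return [(n.get("name", ""), n.get("v", "")) for n in root.findall(CIPHER_PATH)]


def unchecked_objects(xml_text, expect=EXPECT):
    """Objects after the first whose value would fail expect but which a
    first-node-only selection never shows to the check."""
    rest = all_cipher_objects(xml_text)[1:]
    return [name for name, value in rest if not re.search(expect, value)]


if __name__ == "__main__":
    print(render_first(SAMPLE_VPM))
    print("check passes:", check_passes(SAMPLE_VPM))
    print("not evaluated:", unchecked_objects(SAMPLE_VPM))
```

If the device holds more than one client cipher object, a passing result under these assumptions only covers the first; an audit author would need an xsl:for-each or a per-object check to cover the rest.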
New DISA Red Hat Enterprise Linux 8 v1r1 STIG Audit

Summary
Customers can now measure compliance against the new release of the Red Hat Enterprise Linux 8 STIG from DISA with the new DISA Red Hat Enterprise Linux 8 v1r1 audit.

Tenable Benchmarks
DISA Red Hat Enterprise Linux 8 v1r1

Target Release Date
April 16, 2021

Additional Notes:
The STIG and audit cover over 300 security controls including configuration settings that map to new features that were included in RHEL 8.

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.

New DISA Microsoft Edge v1r1 STIG Audit

Summary
Customers can now measure compliance against the latest release of the Microsoft Edge STIG from DISA with the new DISA MS Edge v1r1 audits.

Tenable Benchmarks
DISA Microsoft Edge v1r1

Target Release Date
April 9, 2021

Additional Notes:
The STIG and audit cover over 50 Microsoft Edge specific checks, including: SmartScreen, AutoFill settings, InPrivate mode, disallowed features, and many more.

Tenable Audits Being Retired

Summary
With the release of alternative guidance by CIS, DISA and product vendors or the End of Life (EOL) of some products, a number of Tenable audits are being retired. Where applicable, a suggested replacement audit has been noted.

Removed Tenable Audits

Database - CIS MySQL 4.1/5.1 L1 v1.0.2
    Replacement - CIS MySQL 5.6 and newer
    Reason for removal - No longer published by CIS
Unix - CIS Apple OSX 10.5 Leopard v1.0.0
    Replacement - CIS Apple OSX 10.8 and newer
    Reason for removal - No longer published by CIS
Unix - CIS Apple OSX 10.6 Snow Leopard v1.0.0
    Replacement - CIS Apple OSX 10.8 and newer
    Reason for removal - No longer published by CIS
Unix - DISA STIG Apple Mac OSX 10.5 v1r2
    Replacement - DISA Apple Mac OSX 10.12 and newer
    Reason for removal - Sunset by DISA
Unix - DISA STIG Apple Mac OSX 10.6 v1r3
    Replacement - DISA Apple Mac OSX 10.12 and newer
    Reason for removal - Sunset by DISA
Unix - DISA STIG Apple Mac OSX 10.9 v1r2
    Replacement - DISA Apple Mac OSX 10.12 and newer
    Reason for removal - Sunset by DISA
Unix - DISA STIG Apple Mac OSX 10.10 v1r5
    Replacement - DISA Apple Mac OSX 10.12 and newer
    Reason for removal - Sunset by DISA
Unix - DISA STIG Apple Mac OSX 10.11 v1r6
    Replacement - DISA Apple Mac OSX 10.12 and newer
    Reason for removal - Sunset by DISA
Unix - DISA STIG Java JRE 6 v1r4
    Reason for removal - Sunset by DISA
Unix - DISA STIG Java JRE 7 v1r4
    Reason for removal - Sunset by DISA
Windows - CIS Windows 2008 Enterprise v1.2.0
    Replacement - CIS Windows Server 2012 and later
Windows - CIS Windows 2008 SSLF v1.2.0
    Replacement - CIS Windows Server 2012 and later
Windows - CIS MS Office 2007 v1.1.0 L1
    Replacement - CIS Microsoft Office 2016 and later
Windows - CIS Microsoft Office 2013 v1.1.0
    Replacement - CIS Microsoft Office 2016 and later
Windows - CIS Windows 2003 DC v3.1.0
    Replacement - CIS Windows Server 2012 and later
Windows - CIS Windows 2003 MS v3.1.0
    Replacement - CIS Windows Server 2012 and later
Windows - CIS Windows XP v3.1
    Replacement - CIS Windows 10 and later
Windows - CIS IIS 6.0 v1.0.0
    Replacement - CIS IIS 10 and later
Windows - CIS Exchange 2007 Enterprise Edge Transport 1.1.0
    Replacement - CIS Exchange 2013 and later
Windows - MSCM V1.0 Windows 2008 R2 EC Domain
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V1.0 Windows 2008 R2 EC Domain Controller
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V1.0 Windows 2008 R2 EC Member Server
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V1.0 Windows 2008 R2 SP1 Domain Controller
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V1.0 Windows 2008 R2 SP1 Member Server
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V1.0 Windows 2008 R2 SSLF Domain
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V1.0 Windows 2008 R2 SSLF Domain Controller
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V1.0 Windows 2008 R2 SSLF Member Server
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V1.0 Windows 7 EC Desktop
    Replacement - MSCT Windows 10 and later
Windows - MSCM V1.0 Windows 7 EC Domain
    Replacement - MSCT Windows 10 and later
Windows - MSCM V1.0 Windows 7 EC Laptop
    Replacement - MSCT Windows 10 and later
Windows - MSCM V1.0 Windows 7 SSLF Desktop
    Replacement - MSCT Windows 10 and later
Windows - MSCM V1.0 Windows 7 SSLF Domain
    Replacement - MSCT Windows 10 and later
Windows - MSCM V1.0 Windows 7 SSLF Laptop
    Replacement - MSCT Windows 10 and later
Windows - MSCM V3.0 Windows Member Server 2012
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V3.0 Windows Server 2012 DC
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - MSCM V3.0 Windows Server 2012 Hyper-V
    Replacement - MSCT Windows Server 2012 R2 and later
Windows - DISA STIG Java JRE 6 Windows 7 v1r4
    Reason for removal - Sunset by DISA
Windows - DISA STIG Java JRE 6 for Windows XP v1r4
    Reason for removal - Sunset by DISA
Windows - DISA STIG Java JRE 7 for Windows 7 v1r4
    Reason for removal - Sunset by DISA
Windows - DISA STIG Java JRE 7 for Windows XP v1r4
    Reason for removal - Sunset by DISA

Removed Utility Audits:
Windows - BSI-100-2 Windows 2005
Windows - Kaspersky Anti-Virus
Windows - Windows Nessus Installation Check
Unix - OWASP PHP Best Practice

Moving to the Tenable GitHub Audit Files Repository (https://github.com/tenable/audit_files):
Unix - unix_approved_software_rpm.audit
Windows - financial_microsoft_windows_os_audit_guideline.audit
Windows - financial_microsoft_windows_user_audit_guideline.audit
Windows - financial_user_group_microsoft_windows_os_access_control_guideline.audit
Windows - healthcare_microsoft_windows_access_control_guideline.audit
Windows - healthcare_microsoft_windows_access_control_guideline_v2.audit
Windows - healthcare_microsoft_windows_user_audit_guideline.audit
Windows - healthcare_microsoft_windows_user_audit_guideline_v2.audit
Windows - viral_file.audit
Windows - viral_process.audit
Windows - viral_registry.audit
Windows - windows_approved_software.audit
Windows - Windows_Firewall_Enabled.audit

Target Release Date
05 April 2021

Additional Notes:
As with any new audit or significant update, the items tested may vary and the results of a scan could be very different. We urge customers to always review and understand the contents of any new audit files before they are implemented in a scan.