NetIQ Secure Configuration Manager Module for SCAP 2.2 adds support for Secure Configuration Manager 6.0 and Windows Agent 6.0.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable inputs. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Secure Configuration Manager forum, our community web site that also includes product notifications, blogs, and product user groups.
For more information about this release and for the latest release notes, see the Secure Configuration Manager Documentation website. To download this product, see the Secure Configuration Manager website.
For more information about Secure Configuration Manager, see the website.
The following outline the key features and functions provided by this version of NetIQ Secure Configuration Manager Module for SCAP (the SCAP module) in this release:
This version of the SCAP module adds support for the following products:
Secure Configuration Manager 6.0
NetIQ Secure Configuration Manager Windows Agent 6.0
This release requires the following product versions, at a minimum:
NetIQ Secure Configuration Manager 6.0
NetIQ Secure Configuration Manager Windows Agent 6.0
For the most recently updated list of supported application versions, see the Secure Configuration Manager Technical Information page. For detailed information on hardware requirements and supported operating systems, and browsers, see the NetIQ Secure Configuration Manager Module for SCAP Module Guide.
This release includes the following versions of the SCAP Module components:
Secure Configuration Manager component 6.0
Secure Configuration Manager Windows Agent component 6.0
Install the Secure Configuration Manager component on the Core Services computer. For more information about requirements for this component, see the NetIQ Secure Configuration Manager Module for SCAP Module Guide.
When updating the SCAP module for Window agent component, consider the following scenarios:
If you have Windows agents at version 5.9 or later without an SCAP module installed, update the agents to version 6.0 and install SCAP module.
If you have Windows agents at version 6.0, you can deploy this SCAP module update from the Secure Configuration Manager console using the deployment wizard.
Either install the SCAP module for Windows agent component locally on the agent computer or use the console to deploy a special .nap package to remote agent computers. For more information about installing and deploying the SCAP module for Windows agent component, see the NetIQ Secure Configuration Manager Module for SCAP Module Guide.
(Conditional) To upgrade the SCAP component on a Windows agent at version 5.9.1 or later on a local computer, run the following command from the directory containing the component installation file:
msiexec.exe /i NetIQSCAPModuleForWindowsAgents.msi REINSTALL=ALL REINSTALLMODE=vomus
For assistance with installation or upgrades, contact Technical Support.
Complete the following steps to verify that the installation was successful on the Core Services computer.
To check the installed version:
Log on to the Secure Configuration Manager console.
On the Help menu, click About NetIQ Secure Configuration Manager.
Under Patch Summary, click Database.
Verify that the tab lists Version 6.0 for the most recently installed SCAP Module.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
After the installation, importing SCAP templates to Secure Configuration Manager console fails. Workaround for this issue is to restart NetIQ Core Services. (BUG 937972)
Secure Configuration Manager might inappropriately apply a risk score to Windows Server 2003 endpoints for security checks that do not apply to the endpoints, or when the policy template report lists the endpoint as “unknown”. This issue occurs when you run an SCAP policy template containing checks that apply to multiple endpoint types against multiple endpoints, including a Windows Server 2003 endpoint. (BUG 953300)
The XCCDF Conversion utility incorrectly reports errors while converting XCCDF benchmark files to templates. The following messages are examples of the incorrectly reported errors:
cpe USGCB-ie8-cpe-dictionary.xml Invalid Error on line 105 of document http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd: src-resolve: Cannot resolve the name 'xml:lang' to a(n) 'attribute declaration' component.
cpe USGCB-Windows-7-firewall-cpe-dictionary.xml Invalid Error on line 105 of document http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd: src-resolve: Cannot resolve the name 'xml:lang' to a(n) 'attribute declaration' component.
cpe irm-10.8.10-cpe-dictionary.xml Invalid Error on line 105 of document http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd: src-resolve: Cannot resolve the name 'xml:lang' to a(n) 'attribute declaration' component.
Even though the messages report errors, the utility successfully creates the policy templates, and you can import the templates and run them against endpoints displaying valid data. (BUG 953314)
If a managed group contains a combination of Windows XP and Windows Vista endpoints, exported SCAP results inaccurately report the number of endpoints per operating system type. This issue occurs because, when generating the XCCDF file, Secure Configuration Manager applies the type of the first reported endpoint to all endpoints in the group, such as Windows Vista. For example, the South Texas managed group contains three Windows XP endpoints and two Vista ones. You run an assessment against the South Texas group, export the results as XCCDF, and then run the FDCC Reporting Utility to generate a compliance report. The final report lists five Windows Vista endpoints and zero Windows XP systems.
To work around this issue, create managed groups for each operating system type. You can nest managed groups within higher-level groups. For example, My Groups > South Texas > XP Laptops and My Groups > South Texas > Vista Laptops. Then run separate jobs against the lower-level groups, such as one job for the XP Laptops. (BUG 953345)
When you specify credentials for the Report Loader, Secure Configuration Manager displays asterisks for no more than 20 characters entered in the Password field. However, regardless of the asterisks displayed in the field, Secure Configuration Manager supports passwords up to 40 characters. (BUG 953348)
Creating FDCC compliance reports fails, because you cannot export policy template reports to XCCDF format. (BUG 891524)
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of the Secure Configuration Manager forum, our community Web site that offers product forums, product notifications, blogs, and product user groups.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material (“Module”) is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2015 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.