NetIQ Secure Configuration Manager Module for SCAP 2.3 adds support for Secure Configuration Manager 6.1 and Windows Agent 6.1.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Secure Configuration Manager forum, our community website that also includes product notifications, blogs, and product user groups.
For more information about Secure Configuration Manager, see the Secure Configuration Manager website.
For the latest version of these release notes, see the NetIQ Secure Configuration Manager 6.1 documentation website.
NetIQ Secure Configuration Manager Module for SCAP (the SCAP module) adds support for the following products:
Secure Configuration Manager 6.1
NetIQ Secure Configuration Manager Windows Agent 6.1
This release requires the following product versions, at a minimum:
Secure Configuration Manager 6.1
NetIQ Secure Configuration Manager Windows Agent 6.1
For the most recently updated list of supported application versions, see the NetIQ Secure Configuration Manager Technical Information page. For detailed information on hardware requirements, supported operating systems, and browsers, see the NetIQ Secure Configuration Manager SCAP Module Guide.
This release includes the following versions of the SCAP Module components:
Secure Configuration Manager component 6.1
NetIQ Secure Configuration Manager Windows Agent component 6.1
Install the Secure Configuration Manager component on the Core Services computer. For more information about requirements for this component, see the NetIQ Secure Configuration Manager SCAP Module Guide.
When updating the SCAP module for Windows agent component, consider the following scenarios:
If you have Windows agents at version 5.9 or later without an SCAP module installed, update the agents to version 6.1 and install the SCAP module.
If you have Windows agents at version 6.1, you can deploy this SCAP module update from the Secure Configuration Manager console using the deployment wizard.
Either install the SCAP module for Windows agent component locally on the agent computer or use the console to deploy a special .nap package to remote agent computers. For more information about installing and deploying the SCAP module for Windows agent component, see the NetIQ Secure Configuration Manager SCAP Module Guide.
(Conditional) To upgrade the SCAP component on a Windows agent at version 5.9.1 or later on a local computer, run the following command from the directory containing the component installation file:
msiexec.exe /i NetIQSCAPModuleForWindowsAgents.msi REINSTALL=ALL REINSTALLMODE=vomus
For assistance with installation or upgrades, contact Technical Support.
Complete the following steps to verify that the installation was successful on the Core Services computer:
Log on to the Secure Configuration Manager console.
On the Help menu, click About NetIQ Secure Configuration Manager.
Under Patch Summary, click Database.
Verify that the tab lists Version 6.1 for the most recently installed SCAP Module.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
After installation, importing SCAP templates into the Secure Configuration Manager console fails. To work around this issue, restart NetIQ Core Services. (BUG 937972)
Secure Configuration Manager might inappropriately apply a risk score to Windows Server 2003 endpoints for security checks that do not apply to the endpoints, or when the policy template report lists the endpoint as “unknown”. This issue occurs when you run an SCAP policy template containing checks that apply to multiple endpoint types against multiple endpoints, including a Windows Server 2003 endpoint. (BUG 953300)
The XCCDF Conversion utility incorrectly reports errors while converting XCCDF benchmark files to templates. The following messages are examples of the incorrectly reported errors:
cpe USGCB-ie8-cpe-dictionary.xml Invalid Error on line 105 of document http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd: src-resolve: Cannot resolve the name 'xml:lang' to a(n) 'attribute declaration' component
cpe USGCB-Windows-7-firewall-cpe-dictionary.xml Invalid Error on line 105 of document http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd: src-resolve: Cannot resolve the name 'xml:lang' to a(n) 'attribute declaration' component
cpe irm-10.8.10-cpe-dictionary.xml Invalid Error on line 105 of document http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd: src-resolve: Cannot resolve the name 'xml:lang' to a(n) 'attribute declaration' component
Even though the messages report errors, the utility successfully creates the policy templates, and you can import the templates and run them against endpoints displaying valid data. (BUG 953314)
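Because the spurious messages sit in the same output as any genuine conversion errors, it helps to separate the two before deciding a conversion is clean. The following is an added example, not part of NetIQ's release notes or tooling: it assumes the line layout seen in the three quoted messages, the function and variable names are hypothetical, and the fourth sample line is constructed for illustration.

```python
import re

# Line shape inferred from the three messages quoted in the release notes:
#   <kind> <file> Invalid Error on line <n> of document <doc>: <detail>
LINE_RE = re.compile(
    r"^(?P<kind>\S+)\s+(?P<file>\S+)\s+Invalid Error on line (?P<line>\d+) "
    r"of document (?P<doc>\S+): (?P<detail>.+)$"
)
# Signature of the spurious error documented under BUG 953314.
KNOWN_DOC = "http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd"
KNOWN_DETAIL = ("src-resolve: Cannot resolve the name 'xml:lang' to a(n) "
                "'attribute declaration' component")

def triage(lines):
    """Return (benign_files, review_lines) for converter output lines."""
    benign, review = [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if (m and m["kind"] == "cpe" and m["doc"] == KNOWN_DOC
                and m["detail"] == KNOWN_DETAIL):
            benign.append(m["file"])
        else:
            # Anything that is not an exact match stays visible for review.
            review.append(line)
    return benign, review

_TAIL = f" Invalid Error on line 105 of document {KNOWN_DOC}: {KNOWN_DETAIL}"
SAMPLE = [
    # The three messages quoted in the release notes.
    "cpe USGCB-ie8-cpe-dictionary.xml" + _TAIL,
    "cpe USGCB-Windows-7-firewall-cpe-dictionary.xml" + _TAIL,
    "cpe irm-10.8.10-cpe-dictionary.xml" + _TAIL,
    # Constructed line (not from the page): a different failure in a benchmark file.
    "xccdf example-benchmark-xccdf.xml Invalid Error on line 12 of document "
    "example-benchmark-xccdf.xml: cvc-complex-type.2.4.a: Invalid content "
    "was found starting with element 'Rule'",
]

if __name__ == "__main__":
    benign, review = triage(SAMPLE)
    print("known-benign (BUG 953314):", benign)
    print("needs review:", review)
```

Only exact matches to the documented signature are set aside; any line that differs in schema document or message text, or that does not parse, lands in the review list.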
If a managed group contains a combination of Windows XP and Windows Vista endpoints, exported SCAP results inaccurately report the number of endpoints per operating system type. This issue occurs because, when generating the XCCDF file, Secure Configuration Manager applies the type of the first reported endpoint to all endpoints in the group, such as Windows Vista. For example, the South Texas managed group contains three Windows XP endpoints and two Vista ones. You run an assessment against the South Texas group, export the results as XCCDF, and then run the FDCC Reporting Utility to generate a compliance report. The final report lists five Windows Vista endpoints and zero Windows XP systems.
To work around this issue, create managed groups for each operating system type. You can nest managed groups within higher-level groups. For example, My Groups > South Texas > XP Laptops and My Groups > South Texas > Vista Laptops. Then run separate jobs against the lower-level groups, such as one job for the XP Laptops. (BUG 953345)
When you specify credentials for the Report Loader, Secure Configuration Manager displays asterisks for no more than 20 characters entered in the Password field. However, regardless of the asterisks displayed in the field, Secure Configuration Manager supports passwords up to 40 characters. (BUG 953348)
Creating FDCC compliance reports fails, because you cannot export policy template reports to XCCDF format. (BUG 891524)
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of the Secure Configuration Manager forum, our community Web site that offers product forums, product notifications, blogs, and product user groups.
For information about NetIQ legal notices, disclaimers, warranties, export and other use restrictions, U.S. Government restricted rights, patent policy, and FIPS compliance, see http://www.netiq.com/company/legal/.
Copyright © 2016 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/. All third-party trademarks are the property of their respective owners.