FISMA, STIG & SCAP

Compliance Summary Report

by Cody Dumont
February 27, 2014

 Compliance Summary Screen Shot
This report provides a template for reporting on 13 compliance standards. Each compliance standard is summarized with historic matrix, host summary table, and the compliance check summary table. The report is designed to provide a full report or a subset of reporting. The compliance officer or security manager can import this report using the app feed, and by selecting the specific chapters, the report can be easily customized.

NIST 800-53

by Dave Breslin
February 22, 2013

This report template leverages configuration results with NIST 800-53 control references to determine 800-53 compliance.

DISA Control Correlation Identifier (CCI) Report Template

by Ron Gula
February 13, 2013

This report shows which unique Control Correlation Identifiers (CCI) have passing or failing settings. It is a great way to perform a DISA STIG audit and then to quickly be able to identify and report which CCIs are compliant or not compliant across several Redhat servers.

CyberScope System Report

by Randal T. Rioux
August 8, 2012

Cyberscope_screengrab

SecurityCenter helps automate CyberScope reporting requirements in a number of ways. This report summarizes the active discovery findings related to the CVE, CCE and CPE CyberScope areas for each system in a specific asset group.

This is not a LASR report for DHS submission. The goal of this report is to give you an immediate idea of your CyberScope preparedness.

CIS and DISA Apache Linux Web Server Auditing

by Dave Breslin
March 20, 2012

CISConfDetails

This report template is designed to measure CIS, Center for Internet Security, or DISA, Defense Information Systems Agency, Apache Web Server compliance and list issues in detail leveraging Nessus agentless audits. The sample table above was generated by one of five chapters in the template and lists fifteen CIS Apache benchmark compliance failures for a web server. To see full reports for CIS and DISA agentless audits use the download example links.

CIS and DISA SQL Server Auditing

by Dave Breslin
March 19, 2012

DISASample

This report template is designed to measure CIS, Center for Internet Security, or DISA, Defense Information Systems Agency, SQL Server compliance and list issues in detail leveraging Nessus agentless audits. The sample table above was generated by one of four chapters in the template and lists seven compliance failures for a SQL Server database using checks engineered from the DISA SQL Server 2005 (SQL Server 9) Security Technical Implementation Guide, STIG. To see full reports for CIS and DISA agentless audits use the download example links.

CIS and DISA IIS Web Server Auditing

by Dave Breslin
March 16, 2012

CISIIS6Sample

This report template is designed to measure CIS, Center for Internet Security, or DISA, Defense Information Systems Agency, IIS Web Server compliance and list issues in detail leveraging Nessus agentless audits. The sample table above was generated by one of five chapters in the template and lists five CIS IIS 6 benchmark compliance failures for a web server. To see full reports for CIS and DISA agentless audits use the download example links.

CIS and DISA Cisco Auditing

by Dave Breslin
March 14, 2012

  Firewallsample

This report template is designed to measure CIS, Center for Internet Security, or DISA, Defense Information Systems Agency, compliance of Cisco routers, firewalls and switches. It lists issues in detail leveraging agentless audits. The sample table above was generated by one of four chapters in the template and lists five CIS firewall benchmark compliance failures for an ASA Firewall. To see full reports for CIS and DISA agentless audits use the download example links.