This topic describes the system requirements for implementing BMC Helix Cloud Security in your environment. Requirements fall into the following categories:
Operating systems and browsers
The following table lists the requirements for the components needed to use Cloud Security:
Disk space required
|Computer on which the connector is downloaded||Java OpenJDK 11.0.2||10 MB or more to allow the logs to grow|
Google Chrome (Versions 64 to Chrome 80 beta)
Microsoft Edge (Versions 41.16 to 42.17)
Currently, Edge browsers do not support the ability to export data to PDF. Therefore, in Policy, the Export to PDF functionality is unavailable on the Dashboard and Transaction Utilization page. This feature is still available using Chrome browsers.
Connector prerequisites and CIS Benchmarks
Ensure that you have the minimum permissions required to run compliance. You specify these permissions in the Permissions tab in AWS, which lists the minimum set of AWS Policies that an IAM user must have for the AWS connector to run.
Ensure that the computer on which the connector is downloaded has Java OpenJDK 11.0.2 installed on it, and that all Azure prerequisites detailed in Microsoft's documentation are met, including a Subscription ID, Active Directory permissions, a tenant ID, and key vault permissions.
This version of Cloud Security supports the Center for Internet Security (CIS) Microsoft Azure Foundations Benchmark version 1.0.0 for Microsoft Azure.
For more information, see Azure On-Premise Connector.
Ensure that the computer on which the connector is downloaded meets prerequisites for both the Chef Workstation and the Chef Development Kit.
For more information, see Chef connector.
The Docker connector enables you to collect data from Docker Containers, Docker Hosts, and Docker Daemons, and evaluate Docker content against the Center for Internet Security (CIS) Docker 1.12 Benchmark. This policy is created based on the recommended Docker Host, Docker Container, and Docker Daemon settings defined by CIS Docker 1.12.0 Benchmark Version 1.0.0, published on August 8th, 2016.
Ensure that the computer on which the connector is downloaded meets prerequisites for either single host or clustered (Kubernetes) deployments.
This release supports CIS Docker 1.12.0 and 1.13.0 for both single host and Kubernetes environments.
For more information, see Docker Connector.
Ensure that the connector and target environments meet required prerequisites before onboarding the Server connector.
For more information, see Server connector.
Policies for remediation actions
Currently, remediation actions are available and supported for the following AWS policies:
|Policy||Resource Type||Current Limitations|
CIS Amazon Web Services Foundations Benchmark
Before remediating violations, you must provide the name of the SNS topic from your AWS account as a remediation parameter.
The SNS topic must:
After a rule is remediated: