Compliance Content support and requirements

This topic describes the installation requirements for Compliance Content, and also lists the policies that are supported by BMC Server Automation.

The topic includes the following sections:

Compliance Content installation requirements

Before beginning the installation of Compliance Content libraries for BMC Server Automation, verify that the requirements listed in the following table are met on the BMC Server Automation Application Server.

Notes

Perform this installation only on the Application Server of BMC Server Automation. Installation will not complete successfully if you attempt to install on any other host computer.

The installer for BMC Server Automation Compliance Content does not support installation in Console mode.

If you are running the installation process for the purpose of upgrading or repairing previously installed component templates, ensure that all existing Compliance Content component templates are closed (that is, not open for editing) in the BMC Server Automation Console.

Resource

Requirement

Core product

The computer on which you run the BMC Server Automation installer to install the Compliance Content libraries must have the following BMC Server Automation components installed:

  • BMC Server Automation Application Server installed

    If the BMC Server Automation Application Server was installed using the -local option, ensure that the NSHDIR, LD_LIBRARY_PATH, and PATH environment variables were set correctly on the Application Server host computer. For information, see Installing components in non-default installation paths using the local flag.
  • Network Shell installed
  • RSCD agent installed and running. The RSCD agent must be licensed (if it is running on versions earlier than 8.2). In addition, root equivalency for the RSCD agent must be set.

Memory

2 GB of RAM

Disk space

Up to 8 GB, depending on how many content libraries you install

600 MB of temporary space

Installer

For the installer to function properly, you must ensure that the following requirements are met:

  • Port 12333 (TCP) is free for use by the installer.
  • On Linux and UNIX systems, you must have an X Window server installed and configured.
  • On Red Hat Enterprise Linux systems, to support Compliance Content installation, you must have the following 32-bit library files (.i386 or .i686 extension) installed:

Note

For Compliance Content to support remote installation in IPv6 environment, you need to add IPv6 address and its host name, in /etc/hosts file in case of Linux system, and in ../Windows/System32/driver/etc/hosts file in case of Windows system.
Access and privileges

The OS user running the installer must also be granted root privileges through the users.local file on the Application Server and needs write access to the Applications Servers and File Server storage location.

For example, if you are logged onto the OS and you started the Compliance Content installer as Administrator, you need to have an entry such as the following in the users.local file on the Application Server(s) and File Server targeted by the installer:
Administrator rw,map=Administrator,hosts=<ip of system running content installer>

Or, if you are running the Compliance Installer as root:
root rw,map=root,hosts=<ip of system running content installer>

If the system that you are running the Compliance Content Installer from is configured to use a NSH proxy, you must ensure that the profile name used to authenticate in the Compliance Content Installer is configured in the local secure file as described in Setting up a Network Shell client to run in proxy mode.

Note

You cannot install compliance content remotely through an Application Server, which has a dual RSCD agent set up on it. To install compliance content successfully, ensure that you run the content installer locally from the Application Server with a user having BLAdmin privileges.

Best practices for running Compliance Content templates

BMC recommends the following best practices for running Compliance Content templates:

  • Run a single Compliance Job against a particular target, because compliance jobs are Application Server centric with high CPU utilization.
  • Limit the number of targets to be processed in parallel by the number of work item threads (WIT) available to execute jobs.
  • The CIS RHEL 6 and CIS Windows 2008 R2 out-of-the-box templates are tested against number of targets per Compliance Job. These two templates were shown to run successfully against 3000 targets, with job level parallelism equal to 100.
  • Run the BLPackages created as part of remediation job sequentially, rather than in parallel. Note that running the BLPackges sequentially requires more time. If multiple BLPackages are trying to access or modify the same file that is a part of remediation, then running multiple Deploy Jobs in parallel may lead to a deadlock.
  • It is recommended that you do not run multiple Compliance Jobs with the same set of targets at any given time.
  • Compliance Jobs can successfully run in parallel with a NSH Script Job. File Deploy Jobs and USP Jobs can also run in parallel, but this will affect the performance of Compliance Jobs.

Policy standards supported by out-of-the-box component templates


The following series of tables list the operating systems supported by Compliance Content component templates for the various types of policies, as targets for compliance analysis. For each relevant Compliance Content template, benchmark details (version/release and update) are provided. The versions of BMC Server Automation that support each policy and OS are indicated, with a clear indication of when each component template was introduced in the product.

Error rendering macro 'show-if' : Failed to render Visibility macro due to: @anonymous is not a valid user
Error rendering macro 'show-if' : Failed to render Visibility macro due to: @authenticated is not a valid user

Center for Internet Security (CIS)

Operating System

Supported BMC Server Automation versions / Benchmark details

8.28.38.58.68.78.88.9
Red Hat Enterprise Linux 5.x(tick)(tick)(tick)(tick)(tick)(tick)(tick)
2.0.0 of June, 2011 (in BSA 8.2.00) / December, 2011 (as of BSA 8.2.03)
Red Hat Enterprise Linux 6.x(error)(tick)(tick)(tick)(tick)(tick)(tick)
 1.1.0 of August, 2012
(as of BSA 8.3.02)
1.3.0 of May, 2014
(as of BSA 8.5.01)
1.4.0 of March, 2015

2.0.1 of June, 2016
(as of BSA 8.9.01)

Red Hat Enterprise Linux 7.x(error)(error)(error)(error)(tick)(tick)(tick)
 1.1.0 of April, 2015

2.1.0 of June, 2016
(as of BSA 8.9.01)

Windows Server 2003 for Domain Controllers(tick)(tick)(tick)(tick)(tick)(tick)(tick)
2.0 of November, 2007
Windows Server 2003 for Member Servers(tick)(tick)(tick)(tick)(tick)(tick)(tick)
2.0 of November, 2007
Windows Server 2008(tick)(tick)(tick)(tick)(tick)(tick)(tick)
1.0.0 of March, 2010 (in BSA 8.2.00)
1.2.0 of September, 2011 (as of BSA 8.2.03)
2.1.0 of March, 2013
Windows Server 2008 R2(error)(error)(error)(error)(tick)(tick)(tick)
 2.1.0 of December, 20133.0.0 of April, 2016
(as of BSA 8.9.01)
Windows Server 2012(error)(tick)(tick)(tick)(tick)(tick)(tick)
 1.0 of January, 2013
(introduced in BSA 8.3.02.001;
updated to Native-based in 60% of the rules in BSA 8.5.01)
Windows Server 2012 R2(error)(error)(error)(error)(tick)(tick)(tick)
 1.1.0 of November, 2014

2.2.0 of April, 2016

IBM AIX 6.1/5.3(error)(error)(error)(tick)(tick)(tick)(tick)
 1.1.0 of September, 2012
IBM AIX 7.1(error)(error)(error)(tick)(tick)(tick)(tick)
 1.1.0 of September, 2013
Oracle Solaris 11.1(error)(error)(error)(error)(tick)(tick)(tick)
 1.0.0 of October, 2013
Novell SuSE Linux Enterprise Server 10(error)(error)(error)(tick)(tick)(tick)(tick)
 1.0.0 of September, 2013
Novell SuSE Linux Enterprise Server 11(error)(error)(error)(tick)(tick)(tick)(tick)
 1.0.0 of September, 2013

Defense Information Systems Agency (DISA)

Operating System

Supported BMC Server Automation versions / Benchmark details

8.38.58.68.78.88.9
Windows Server 2003 DC(tick)(tick)(tick)(tick)(tick)(tick)
Version 6/Release 1.30 of October, 2013
(as of BSA 8.3.02.001)
Version 6/Release 36 of April, 2015
Windows Server 2003 MS(tick)(tick)(tick)(tick)(tick)(tick)
Version 6/Release 1.30 of October, 2013
(as of BSA 8.3.02.001)
Version 6/Release 36 of April, 2015
Windows Server 2008 DC(tick)(tick)(tick)(tick)(tick)(tick)
Version 6/Release 1.22
of July, 2013
(as of BSA 8.3.02)
Version 6/Release 1.30 of July, 2015Version 6/
Release 1.31
of October, 2015
Version 6/
Release 1.32
of April, 2016
Windows Server 2008 MS(tick)(tick)(tick)(tick)(tick)(tick)
Version 6/Release 1.22
of July, 2013
(as of BSA 8.3.02)
Version 6/Release 1.30 of July, 2015

Version 6/
Release 1.31
of October, 2015

Version 6/
Release 1.32
of April, 2016
Windows Server 2008 R2 DC(tick)(tick)(tick)(tick)(tick)(tick)
Version 1/Release 8 of July, 2013
(as of BSA 8.3.02)
Version 1/
Release 15
of April, 2015
Version 1/Release 17
of October, 2015
Windows Server 2008 R2 MS(tick)(tick)(tick)(tick)(tick)(tick)
Version 1/Release 8 of July, 2013
(as of BSA 8.3.02)
Version 1/
Release 15
of April, 2015
Version 1/Release 17
of October, 2015
Windows Server 2012 DC(error)(error)(tick)(tick)(tick)(tick)



Version 1/Release 4
of July, 2014
Version 1/Release 6 of January, 2015

Version 2/Release 4

of April, 2016

Windows Server 2012 MS(error)(error)(tick)(tick)(tick)(tick)



Version 1/Release 4
of July, 2014
Version 1/Release 6 of January, 2015Version 2/Release 4
of April, 2016
Windows Server 2012 R2 DC

(error)

(error)(tick)(tick)(tick)(tick)
  Version 1/Release 4
of July, 2014
Version 1/Release 6 of January, 2015

Version 2/Release 4

of April, 2016

Windows Server 2012 R2 MS

(error)

(error)(tick)(tick)(tick)(tick)
  Version 1/Release 4
of July, 2014
Version 1/Release 6 of January, 2015

Version 2/Release 4

of April, 2016

Windows Server 2016(error)(error)(error)(error)(error)(tick)



Version 1/Release 1. 20 of January 2017 (As of BSA 8.9.02)

Red Hat Enterprise Linux 5(tick)(tick)(tick)(tick)(tick)(tick)
Version 1/Release 4 of July, 2013
(as of BSA 8.3.02.001)
Version 1/
Release 10
of April, 2015
Version 1/
Release 12
of October, 2015

Version 1/
Release 14
of April, 2016

Red Hat Enterprise Linux 6(error)(tick)(tick)(tick)(tick)(tick)
 Version 1/Release 2 of July, 2013
(as of BSA 8.5.01)
Version 1/
Release 6
of January, 2015
Version 1/
Release 9
of October, 2015
Version 1/
Release 11
of April, 2016
Red Hat Enterprise Linux 7(error)(error)(error)(error)(error)(tick)





Version 1/Release 1. 27 of February 2017 (As of BSA 8.9.02)

IBM AIX 6.1(error)(error)(tick)(tick)(tick)(tick)
 Version 1/Release 2 of July, 2014
HP-UX 11.23(error)(tick)(tick)(tick)(tick)(tick)
 Version 1/Release 3 of July, 2013
(as of BSA 8.5.01)
Version 1/Release 4 of January, 2015
HP-UX 11.31(error)(tick)(tick)(tick)(tick)(tick)
 

Version 1/Release 3 of July, 2013
(as of BSA 8.5.01)

Version 1/Release 6 of April, 2015
Oracle Solaris 10 x86(error)(error)(tick)(tick)(tick)(tick)
 Version 1/Release 5
of January, 2014
Version 1/Release 9 of January, 2015
Oracle Solaris 10 SPARC(error)(error)(tick)(tick)(tick)(tick)
 Version 1/Release 5
of January, 2014
Version 1/Release 9 of January, 2015
Oracle Solaris 11 x86(error)(error)(tick)(tick)(tick)(tick)
 Version 1/Release 1
of April, 2014
Version 1/Release 2 of January, 2015
Oracle Solaris 11 SPARC(error)(error)(tick)(tick)(tick)(tick)
 Version 1/Release 1
of April, 2014
Version 1/Release 2 of January, 2015

Payment Card Industry (PCI)

Operating SystemBenchmark detailsSupported BMC Server
Automation versions
8.28.38.58.68.78.88.9
PCIv3
Windows Server 20123.0 of November 2013(error)(error)

(tick)

(as of
BSA
8.5.01)

(tick)(tick)(tick)(tick)
Windows Server 2012 R23.0 of November 2013(error)(error)(error)(error)(error)(tick)(tick)
Windows Server 2008 R23.0 of November 2013(error)(error)(error)(error)(error)(error)(tick)
Red Hat Enterprise Linux 6.x3.0 of November 2013(error)(error)

(tick)

(as of
BSA
8.5.01)

(tick)(tick)(tick)(tick)
Red Hat Enterprise Linux 7.x3.0 of November 2013(error)(error)(error)(error)(error)(tick)(tick)
IBM AIX 6.1/5.33.0 of November 2013(error)(error)(error)(tick)(tick)(tick)(tick)
IBM AIX 7.13.0 of November 2013(error)(error)(error)(tick)(tick)(tick)(tick)
Novell SuSE Linux Enterprise Server 103.0 of November 2013(error)(error)(error)(tick)(tick)(tick)(tick)
Novell SuSE Linux Enterprise Server 113.0 of November 2013(error)(error)(error)(tick)(tick)(tick)(tick)
PCIv2
Red Hat Enterprise Linux 5.x2.0 of October, 2010(error)(tick)(tick)(tick)(tick)(tick)(tick)
Windows Server 20082.0 of October, 2010(error)(tick)(tick)(tick)(tick)(tick)(tick)
PCI
HPUX 11i v11.2 of October, 2008(tick)(tick)(tick)(tick)(tick)(tick)(tick)
HPUX 11i v21.2 of October, 2008(tick)(tick)(tick)(tick)(tick)(tick)(tick)
HPUX 11i v31.2 of October, 2008(tick)(tick)(tick)(tick)(tick)(tick)(tick)
Oracle Solaris 8-91.2 of October, 2008(tick)(tick)(tick)(tick)(tick)(tick)(tick)
Oracle Solaris 101.2 of October, 2008(error)(tick)(tick)(tick)(tick)(tick)(tick)
Windows Server 20031.2 of October, 2008(tick)(tick)(tick)(tick)(tick)(tick)(tick)

Sarbanes-Oxley (SOX) Act

Operating SystemSupported BMC Server
Automation versions
8.38.58.68.78.88.9
IBM AIX 5.2(tick)(tick)(tick)(tick)(tick)(tick)
IBM AIX 5.3(tick)(tick)(tick)(tick)(tick)(tick)
HP-UX 11i v1(tick)(tick)(tick)(tick)(tick)(tick)
HP-UX 11i v2(tick)(tick)(tick)(tick)(tick)(tick)
HP-UX 11i v3(tick)(tick)(tick)(tick)(tick)(tick)
RedHat Linux RHEL ES/AS 3(tick)(tick)(tick)(tick)(tick)(tick)
RedHat Linux RHEL ES/AS 4.x(tick)(tick)(tick)(tick)(tick)(tick)
RedHat Linux RHEL ES/AS 5.x(tick)(tick)(tick)(tick)(tick)(tick)
Oracle Solaris 8-9(tick)(tick)(tick)(tick)(tick)(tick)
Oracle Solaris 10(tick)(tick)(tick)(tick)(tick)(tick)
Novell SuSE Linux Enterprise Server 9-10(tick)(tick)(tick)(tick)(tick)(tick)
Windows Server 2003(tick)(tick)(tick)(tick)(tick)(tick)

Health Insurance Portability and Accountability Act (HIPAA) 

Operating SystemSupported BMC Server
Automation versions
8.38.58.68.78.88.9
IBM AIX 5.2(tick)(tick)(tick)(tick)(tick)(tick)
IBM AIX 5.3(tick)(tick)(tick)(tick)(tick)(tick)
HPUX 11i v1(tick)(tick)(tick)(tick)(tick)(tick)
HPUX 11i v2(tick)(tick)(tick)(tick)(tick)(tick)
HPUX 11i v3(tick)(tick)(tick)(tick)(tick)(tick)
RedHat Linux RHEL ES/AS 3(tick)(tick)(tick)(tick)(tick)(tick)
RedHat Linux RHEL ES/AS 4.x(tick)(tick)(tick)(tick)(tick)(tick)
RedHat Linux RHEL ES/AS 5.x(tick)(tick)(tick)(tick)(tick)(tick)
RedHat Enterprise Linux 5(error)(error)(error)(tick)(tick)(tick)
RedHat Enterprise Linux 6(error)(error)(error)(tick)(tick)(tick)
RedHat Enterprise Linux 7(error)(error)(error)(tick)(tick)(tick)
Oracle Solaris 8-9(tick)(tick)(tick)(tick)(tick)(tick)
Oracle Solaris 10(tick)(tick)(tick)(tick)(tick)(tick)
Novell SuSE Linux Enterprise Server 9-10(tick)(tick)(tick)(tick)(tick)(tick)
Windows Server 2003(tick)(tick)(tick)(tick)(tick)(tick)
Windows Server 2008(error)(error)(error)(tick)(tick)(tick)
Windows Server 2012(error)(error)(error)(tick)(tick)(tick)
 


Was this page helpful? Yes No Submitting... Thank you

Comments