What's new in this version
Security Content Automation Protocol (SCAP) is a specification established by the National Institution of Standards and Technology (NIST). It consists of a suite of specifications for standardizing the format and nomenclature by which security software communicates information about software flaws and security configurations:
- It is part of CM Compliance Management
- It is wizard driven as needed.
- It manages SCAP packages (security checklists), typically of two varieties (CVE and CCE). These packages contain the compliance tests and verifications:
- It imports, validates, and deletes packages as needed.
- It set alerts for non-compliance for devices or device groups.
- You can create, modify and activate SCAP jobs:
- You can assign devices and device groups.
- You can assign a schedule.
- You can set rule exceptions.
- You can examine the applied rules.
- You can analyze reports and the result dashboard.
- The Lists view allows you to import downloaded CVE and CCE lists.
- The Alerts view shows existing alerts and adds new alerts.
Operational rule usability and GoTo logic
- All steps that perform any type of verification, for example, check for a file, are grouped.
- Rule parameters are now organized on three tabs according to their usage.
- Verification and stop conditions are more readable.
- If-then-else logic
- Go to any step
- Steps can be defined later
- Rules now ensure that path, file, user parameters are correct.
- IPv6 is supported in both IPv6-only networks, and in mixed mode environments. Communication is attempted on both IPv4 and IPv6 if one fails.
- Agent communication, the console, topology, reports and many more items were updated to support these addresses.
- The scheduler now includes a summary that displays the defined schedule in natural language.
- The different parts of the scheduler become available as necessary when making specific selections.
Security profile wizard
A new security profile was added, enabling you to create, define and configure new administrators and administrator groups and their security profiles.
- You can now merge any two devices, with the exception of critical devices such as the master and relays.
- If you reimage and reassign a device, you need not remove old records.
- The data that you merge is clearly displayed, and you can choose various items to overwrite or ignore.
Mass MSI import
Groups of MSI files can be imported and have their MSI packages automatically created in CM , via the agent interface.
- Reauthentication of the user is now automatic; the five-minute-timeout at user inactivity was removed.
- When installing an item from MyApps, users do not need to provide authentication.
Asset custom fields
A section for customized information was added to the device type. Here you can add individual fields that do not exist but you require.
Custom device types
It is now possible to add and remove custom device types in the Financial Asset Management functionality.
Load testing and performance
- Console, database and file transfer mechanisms were optimized.
- New best practices sections were added for each database type in the Database Reference manual.
Direct access respects user permissions
- It is possible to configure CM administrator privileges for a device.
- Access to files and registry can now be limited for administrators.
Additional web services
- Add attachments to assets
- Associate assets with users
- Add a field to an asset
- Get asset lifecycle status
New console download page
- Updated console login page to add a device's current certificate to the trusted store
- Applying a hotfix to CM automatically updates all existing rollouts, to be sure new agents are properly updated.
- It is now possible to delete an object which has other objects assigned to it. Previously, you had to manually unassign objects before deleting something; now you can just override and delete at will.
- An option was added that allows you to exclude deprecated devices from Software Licensing.
- Additional fields were added to the User object. Each field can be customized to import from whatever AD fields you want.
- The locations of the Refresh and Lock Console buttons were modified to avoid locking your console when you are trying to get an update.
- If you created an integration with BMC FootPrints Service Core . you can now monitor websites or servers and create Service Core tickets when the site goes down.
- The default value for the parameter Do you want affected devices to be assigned to the patch group? was set to no, as this setting caused too many devices to be patched, some of them completely unexpectedly.
- A new report was added for patching: Patch Job History .
- The Location field has become a drop-down field.
- Branding the company logo onto the OSD deployment splash screen is now documented; that is, which files to replace and with which file types and sizes.
- Security profiles can now be configured to allow remote control on only some devices.
- The default value for the Save View parameter was changed to csv file.