Compliance Content support and requirements
This topic describes the installation requirements for Compliance Content, and also lists the policies that are supported by TrueSight Server Automation.
The topic includes the following sections:
Before you begin
If you are installing TrueSight Server Automation for the first time, you can load the compliance content by using one of the following methods:
- Install manually. For information about how to install compliance content manually, see Walkthrough: Loading compliance content.
- Through Auto-Content import job. After TrueSight Server Automation is installed successfully, the Auto-Content import job is started in the background. You can also check the status of this job.
If you are upgrading TrueSight Server Automation, compliance content is not upgraded automatically. Ensure that you use the content installer for the specific versions of the application server. For information about how to install the compliance content, see Walkthrough: Loading compliance content.The back up of the compliance content installer is also stored in the <FileServerPath>\storage\installer_bundle\<operatingsystem>\files\compliance_content directory in the file server. For example:
| Windows file server | C:\Program Files\BMC Software\BladeLogic\storage\installer_bundle\windows\files\compliance_content |
|---|---|
| Linux file server | /opt/bmc/bladelogic/storage/installer_bundle/linux/files/compliance_content |
Compliance Content installation requirements
Before beginning the installation of Compliance Content libraries for TrueSight Server Automation, verify that the requirements listed in the following table are met on the TrueSight Server Automation Application Server.
Notes
Perform this installation only on the Application Server of TrueSight Server Automation. Installation will not complete successfully if you attempt to install on any other host computer.
The installer for TrueSight Server Automation Compliance Content does not support installation in non-GUI mode (Console mode). It will need GUI access (X server) to complete the installation.
If you are running the installation process for the purpose of upgrading or repairing previously installed component templates, ensure that all existing Compliance Content component templates are closed (that is, not open for editing) in the TrueSight Server Automation Console.
Resource | Requirement |
|---|---|
Core product | The computer on which you run the TrueSight Server Automation installer to install the Compliance Content libraries must have the following TrueSight Server Automation components installed:
|
Memory | 2 GB of RAM |
Disk space | Up to 8 GB, depending on how many content libraries you install 600 MB of temporary space |
Installer | For the installer to function properly, you must ensure that the following requirements are met:
Note For Compliance Content to support remote installation in IPv6 environment, you need to add IPv6 address and its host name, in /etc/hosts file in case of Linux system, and in ../Windows/System32/driver/etc/hosts file in case of Windows system. |
| Access and privileges | The OS user running the installer must also be granted root privileges through the users.local file on the Application Server and needs write access to the Applications Servers and File Server storage location. For example, if you are logged onto the OS and you started the Compliance Content installer as Administrator, you need to have an entry such as the following in the users.local file on the Application Server(s) and File Server targeted by the installer: Or, if you are running the Compliance Installer as root: If the system that you are running the Compliance Content Installer from is configured to use a NSH proxy, you must ensure that the profile name used to authenticate in the Compliance Content Installer is configured in the local secure file as described in Setting up a Network Shell client to run in proxy mode. Note You cannot install compliance content remotely through an Application Server, which has a dual RSCD agent set up on it. To install compliance content successfully, ensure that you run the content installer locally from the Application Server with a user having BLAdmin privileges. |
Best practices for running Compliance Content templates
BMC recommends the following best practices for running Compliance Content templates:
- Run a single Compliance Job against a particular target, because compliance jobs are Application Server centric with high CPU utilization.
- Limit the number of targets to be processed in parallel by the number of work item threads (WIT) available to execute jobs.
- The CIS RHEL 6 and CIS Windows 2008 R2 out-of-the-box templates are tested against number of targets per Compliance Job. These two templates were shown to run successfully against 3000 targets, with job level parallelism equal to 100.
- Run the BLPackages created as part of remediation job sequentially, rather than in parallel. Note that running the BLPackges sequentially requires more time. If multiple BLPackages are trying to access or modify the same file that is a part of remediation, then running multiple Deploy Jobs in parallel may lead to a deadlock.
- It is recommended that you do not run multiple Compliance Jobs with the same set of targets at any given time.
- Compliance Jobs can successfully run in parallel with a NSH Script Job. File Deploy Jobs and USP Jobs can also run in parallel, but this will affect the performance of Compliance Jobs.
Policy standards supported by out-of-the-box component templates
The following series of tables list the operating systems supported by Compliance Content component templates for the various types of policies, as targets for compliance analysis. For each relevant Compliance Content template, benchmark details (version/release and update) are provided. The versions of TrueSight Server Automation that support each policy and OS are indicated, with a clear indication of when each component template was introduced in the product.
Center for Internet Security (CIS)
| Operating System | Supported TrueSight Server Automation versions / Benchmark details | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| 8.2 | 8.3 | 8.5 | 8.6 | 8.7 | 8.8 | 8.9 | 8.9.03 | 8.9.04 | 8.9.04.001 | 8.9.04.003 | |
| CentOS Linux 7 |  | | | | | | | | | |  |
| Version 2.2.0 of December, 2017 | |||||||||||
| Oracle Linux 7 | | | | | | | | | | | |
| Version 2.1.0 of December, 2017 | |||||||||||
| Oracle Linux 6 | | | | | | | | | | | |
| Version 1.1.0 of December, 2017 | |||||||||||
| Ubuntu Linux 18.04 | | | | | | | | | | | |
| Version 1.0.0 of August, 2018 | |||||||||||
| Red Hat Enterprise Linux 5.x | | | | | | | | | | | |
| 2.0.0 of June, 2011 (in BSA 8.2.00) / December, 2011 (as of BSA 8.2.03) | |||||||||||
| Red Hat Enterprise Linux 6.x | | | | | | | | | | | |
| 1.1.0 of August, 2012 (as of BSA 8.3.02) | 1.3.0 of May, 2014 (as of BSA 8.5.01) | 1.4.0 of March, 2015 | 2.0.1 of June, 2016 | Version 2.1.0 of December, 2017 | |||||||
| Red Hat Enterprise Linux 7.x | | | | | | | | | |
| |
| 1.1.0 of April, 2015 | 2.1.0 of June, 2016 | Version 2.2.0 of December, 2017 | |||||||||
| Windows Server 2003 for Domain Controllers | | | | | | | | | |
| |
| 2.0 of November, 2007 | |||||||||||
| Windows Server 2003 for Member Servers | | | | | | | | | | | |
| 2.0 of November, 2007 | |||||||||||
| Windows Server 2008 | | | | | | | | | | | |
| 1.0.0 of March, 2010 (in BSA 8.2.00) 1.2.0 of September, 2011 (as of BSA 8.2.03) | 2.1.0 of March, 2013 | Version 3.1.0 of March, 2018 | |||||||||
| Windows Server 2008 R2 | | | | | | | | | | | |
| 2.1.0 of December, 2013 | 3.0.0 of April, 2016 (as of BSA 8.9.01) | Version 3.1.0 of March, 2018 | |||||||||
| Windows Server 2012 | | | | | | | | | |
| |
| 1.0 of January, 2013 (introduced in BSA 8.3.02.001; updated to Native-based in 60% of the rules in BSA 8.5.01) | Version 2.1.0 of March, 2018 | ||||||||||
| Windows Server 2012 R2 | | | | | | | | | |
| |
| 1.1.0 of November, 2014 | 2.2.0 of April, 2016 | Version 2.3.0 of March, 2018 | |||||||||
| Windows Server 2016 | | | | | | | | | |
| |
Version 1.1.0 of October, 2018 | |||||||||||
| IBM AIX 6.1/5.3 | | | | | | | | | |
| |
| 1.1.0 of September, 2012 | |||||||||||
| IBM AIX 7.1 | | | | | | | | | | | |
| 1.1.0 of September, 2013 | |||||||||||
| Oracle Solaris 11.1 | | | | | | | | | |
| |
| 1.0.0 of October, 2013 | |||||||||||
| Novell SuSE Linux Enterprise Server 10 | | | | | | | | | | | |
| 1.0.0 of September, 2013 | |||||||||||
| Novell SuSE Linux Enterprise Server 11 | | | | | | | | | | | |
| 1.0.0 of September, 2013 | Version 2.1.0 of December, 2017 | ||||||||||
| Novell SuSE Linux Enterprise Server 12 | | | | | | | | | | | |
Version 2.1.0 of December, 2017 | |||||||||||
Defense Information Systems Agency (DISA)
| Operating System | Supported TrueSight Server Automation versions / Benchmark details | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| 8.3 | 8.5 | 8.6 | 8.7 | 8.8 | 8.9 | 8.9.03 | 8.9.04 | 8.9.04.001 | 8.9.04.002 | |
| Windows Server 2003 Domain Controller (DC) | | | | | | | | | | |
| Version 6/Release 1.30 of October, 2013 (as of BSA 8.3.02.001) | Version 6/Release 36 of April, 2015 | |||||||||
| Windows Server 2003 Member Server (MS) | | | | | | | | | | |
| Version 6/Release 1.30 of October, 2013 (as of BSA 8.3.02.001) | Version 6/Release 36 of April, 2015 | |||||||||
| Windows Server 2008 DC | | | | | | | | | | |
| Version 6/Release 1.22 of July, 2013 (as of BSA 8.3.02) | Version 6/Release 1.30 of July, 2015 | Version 6/ Release 1.31 of October, 2015 | Version 6/ Release 1.32 of April, 2016 | |||||||
| Windows Server 2008 MS | | | | | | | | | | |
| Version 6/Release 1.22 of July, 2013 (as of BSA 8.3.02) | Version 6/Release 1.30 of July, 2015 | Version 6/ | Version 6/ Release 1.32 of April, 2016 | |||||||
| Windows Server 2008 R2 DC | | | | | | | | | | |
| Version 1/Release 8 of July, 2013 (as of BSA 8.3.02) | Version 1/ Release 15 of April, 2015 | Version 1/Release 17 of October, 2015 | Version 1/Release 28 of October, 2018 | Version 1/Release 31 of July, 2019 | ||||||
| Windows Server 2008 R2 MS | | | | | | | | | | |
| Version 1/Release 8 of July, 2013 (as of BSA 8.3.02) | Version 1/ Release 15 of April, 2015 | Version 1/Release 17 of October, 2015 | Version 1/Release 28 of October, 2018 | Version 1/Release 30 of July, 2019 | ||||||
| Windows Server 2012 DC | | | | | | | | | | |
| Version 1/Release 4 of July, 2014 | Version 1/Release 6 of January, 2015 | Version 2/Release 4 | Version 2/Release 14 of October, 2018 | Version 2/Release 17 of July, 2019 | ||||||
| Windows Server 2012 MS | | | | | | | | | | |
| Version 1/Release 4 of July, 2014 | Version 1/Release 6 of January, 2015 | Version 2/Release 4 of April, 2016 | Version 2/Release 14 of October, 2018 | Version 2/Release 16 of July, 2019 | ||||||
| Windows Server 2012 R2 DC |
| | | | | | | | | |
| Version 1/Release 4 of July, 2014 | Version 1/Release 6 of January, 2015 | Version 2/Release 4 of April, 2016 | Version 2/Release 14 of October, 2018 | Version 2/Release 17 of July, 2019 | ||||||
| Windows Server 2012 R2 MS |
| | | | | | | | | |
| Version 1/Release 4 of July, 2014 | Version 1/Release 6 of January, 2015 | Version 2/Release 4 of April, 2016 | Version 2/Release 14 of October, 2018 | Version 2/Release 16 of July, 2019 | ||||||
| Windows Server 2016 | | | | | | | | | | |
Version 1/Release 1. 20 of January 2017 (As of BSA 8.9.02) | Version 1/Release 6 of October, 2018 | Version 1/Release 9 of July, 2019 | ||||||||
| Red Hat Enterprise Linux 5 | | | | | | | | | | |
| Version 1/Release 4 of July, 2013 (as of BSA 8.3.02.001) | Version 1/ Release 10 of April, 2015 | Version 1/ Release 12 of October, 2015 | Version 1/ | |||||||
| Red Hat Enterprise Linux 6 | | | | | | | | | | |
| Version 1/Release 2 of July, 2013 (as of BSA 8.5.01) | Version 1/ Release 6 of January, 2015 | Version 1/ Release 9 of October, 2015 | Version 1/ Release 11 of April, 2016 | Version 1/ Release 20 of October, 2018 | Version 1/ Release 21 of January, 2019 | Version 1/ Release 23 of July, 2019 | ||||
| Red Hat Enterprise Linux 7 | | | | | | | | | | |
Version 1/Release 1. 27 of February 2017 (As of BSA 8.9.02) | Version 2/ | Version 2/ Release 2 of January, 2019 | Version 1/ Release 23 of July, 2019 | |||||||
| IBM AIX 6.1 | | | | | | | | | | |
| Version 1/Release 2 of July, 2014 | ||||||||||
| HP-UX 11.23 | | | | | | | | | | |
| Version 1/Release 3 of July, 2013 (as of BSA 8.5.01) | Version 1/Release 4 of January, 2015 | |||||||||
| HP-UX 11.31 | | | | | | | | | | |
Version 1/Release 3 of July, 2013 | Version 1/Release 6 of April, 2015 | |||||||||
| Oracle Solaris 10 x86 | | | | | | | | | | |
| Version 1/Release 5 of January, 2014 | Version 1/Release 9 of January, 2015 | |||||||||
| Oracle Solaris 10 SPARC | | | | | | | | | | |
| Version 1/Release 5 of January, 2014 | Version 1/Release 9 of January, 2015 | |||||||||
| Oracle Solaris 11 x86 | | | | | | | | | | |
| Version 1/Release 1 of April, 2014 | Version 1/Release 2 of January, 2015 | Version 1/Release 17 of April, 2019 | ||||||||
| Oracle Solaris 11 SPARC | | | | | | | | | | |
| Version 1/Release 1 of April, 2014 | Version 1/Release 2 of January, 2015 | |||||||||
Payment Card Industry (PCI)
| Operating System | Benchmark details | Supported TrueSight Server Automation versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| 8.2 | 8.3 | 8.5 | 8.6 | 8.7 | 8.8 | 8.9 | 8.9.03 | 8.9.04 | ||
| PCIv3.2.1 | ||||||||||
| Windows Server 2016 | 3.2.1 of May 2018 | | | | | | | | | |
| Red Hat Enterprise Linux 6.x | 3.2.1 of May 2018 | | | | | | | | | |
| Red Hat Enterprise Linux 7.x | 3.2.1 of May 2018 | | | | | | | | | |
| PCIv3 | ||||||||||
| Windows Server 2012 | 3.0 of November 2013 | | |
(as of | | | | | | |
| Windows Server 2012 R2 | 3.0 of November 2013 | | | | | | | | | |
| Windows Server 2008 R2 | 3.0 of November 2013 | | | | | | | | | |
| Red Hat Enterprise Linux 6.x | 3.0 of November 2013 | | |
(as of | | | | | | |
| Red Hat Enterprise Linux 7.x | 3.0 of November 2013 | | | | | | | | | |
| IBM AIX 6.1/5.3 | 3.0 of November 2013 | | | | | | | | | |
| IBM AIX 7.1 | 3.0 of November 2013 | | | | | | | | | |
| Novell SuSE Linux Enterprise Server 10 | 3.0 of November 2013 | | | | | | | | | |
| Novell SuSE Linux Enterprise Server 11 | 3.0 of November 2013 | | | | | | | | | |
| PCIv2 | ||||||||||
| Red Hat Enterprise Linux 5.x | 2.0 of October, 2010 | | | | | | | | | |
| Windows Server 2008 | 2.0 of October, 2010 | | | | | | | | | |
| PCI | ||||||||||
| HPUX 11i v1 | 1.2 of October, 2008 | | | | | | | | | |
| HPUX 11i v2 | 1.2 of October, 2008 | | | | | | | | | |
| HPUX 11i v3 | 1.2 of October, 2008 | | | | | | | | | |
| Oracle Solaris 8-9 | 1.2 of October, 2008 | | | | | | | | | |
| Oracle Solaris 10 | 1.2 of October, 2008 | | | | | | | | | |
| Windows Server 2003 | 1.2 of October, 2008 | | | | | | | | | |
Sarbanes-Oxley (SOX) Act
| Operating System | Supported TrueSight Server Automation versions | ||||||
|---|---|---|---|---|---|---|---|
| 8.3 | 8.5 | 8.6 | 8.7 | 8.8 | 8.9 | 8.9.03 | |
| IBM AIX 5.2 | | | | | | | |
| IBM AIX 5.3 | | | | | | | |
| HP-UX 11i v1 | | | | | | | |
| HP-UX 11i v2 | | | | | | | |
| HP-UX 11i v3 | | | | | | | |
| RedHat Linux RHEL ES/AS 3 | | | | | | | |
| RedHat Linux RHEL ES/AS 4.x | | | | | | | |
| RedHat Linux RHEL ES/AS 5.x | | | | | | | |
| Oracle Solaris 8-9 | | | | | | | |
| Oracle Solaris 10 | | | | | | | |
| Novell SuSE Linux Enterprise Server 9-10 | | | | | | | |
| Windows Server 2003 | | | | | | | |
Health Insurance Portability and Accountability Act (HIPAA)
| Operating System | Supported TrueSight Server Automation versions | ||||||
|---|---|---|---|---|---|---|---|
| 8.3 | 8.5 | 8.6 | 8.7 | 8.8 | 8.9 | 8.9.03 | |
| IBM AIX 7.1 | | | | | | | |
| IBM AIX 5.2 | | | | | | | |
| IBM AIX 5.3 | | | | | | | |
| HPUX 11i v1 | | | | | | | |
| HPUX 11i v2 | | | | | | | |
| HPUX 11i v3 | | | | | | | |
| Red Hat Linux RHEL ES/AS 3 | | | | | | | |
| Red Hat Linux RHEL ES/AS 4.x | | | | | | | |
| Red Hat Linux RHEL ES/AS 5.x | | | | | | | |
| Red Hat Enterprise Linux 5 | | | | | | | |
| Red Hat Enterprise Linux 6 | | | | | | | |
| Red Hat Enterprise Linux 7 | | | | | | | |
| Oracle Solaris 8-9 | | | | | | | |
| Oracle Solaris 10 | | | | | | | |
| Novell SuSE Linux Enterprise Server 9-10 | | | | | | | |
| Windows Server 2003 | | | | | | | |
| Windows Server 2008 | | | | | | | |
| Windows Server 2012 | | | | | | | |
Comments