Compliance Management in B2B

Similar Messages

• Sun Identity Compliance Manager Questions

  Hi Everyone,
  We are looking for a complete list of supported managed resources for the Sun Identity Compliance Manager (SICM) tool.
  Also we have the following specific questions:
  1.     Does SICM have connectors/adapters to Solaris 8/9/10 and Oracle EBS (as managed resources) to perform access certification of user accounts and associated entitlements/privileges/roles.
  For example: Can SICM be used to analyze/report on the status of current and newly provisioned Solaris unix-level accounts and associated RBAC roles (say) -or- Oracle EBS accounts and associated roles /responsibilities to identify if they have been certified or have any SOD conflicts?
  2.     Can SICM be implemented as a fully functional stand-alone product as opposed to it being integrated with Sun Identity Manager (SIM) ?
  3.     In a scenario where SIM and SICM are integrated, can SIM do a hand-off to SICM for SOD analysis and checking as part of it account provisioning workflows?
  Any insight and/or pointers will be greatly appreciated!
  Thanks in advance and please let me know if there is a more relevant forum to post this question.
  -TS

  I have resolved the problem, the problem is because of the idmmanager attribute. In onsite they are using some other idm 6.0 with some patch, so they are getting the idm manager attribute but in offshore we dont have any patch installed for getting the idm manager attribute. Do you have any idea about how to get the idm manager attribute in the idm 6.0 with some patch? Thanks for your help ya.

• Ciscoworks 3.2 RME Compliance Management w/ 802.1x Port Configs

  I am currently trying to use LMS 3.2 Compliance management to verify and alter our access port configurations for 802.1x. Below is our current configuration:
  switchport access vlan XX
  switchport mode access
  authentication control-direction in
  authentication event fail retry 0 action authorize vlan XXX
  authentication event no-response action authorize vlan XXX
  authentication port-control auto
  authentication periodic
  dot1x pae authenticator
  dot1x timeout quiet-period 10
  dot1x timeout tx-period 10
  dot1x timeout supp-timeout 10
  dot1x max-req 1
  dot1x max-reauth-req 1
  storm-control broadcast level 75.00
  spanning-tree portfast
  spanning-tree bpduguard enable
  I require the configurations to be changed to:
  switchport access vlan XX
  switchport mode access
  authentication event fail action authorize vlan XXX
  authentication event no-response action authorize vlan XXX
  authentication port-control auto
  authentication periodic
  dot1x pae authenticator
  dot1x timeout tx-period 8
  storm-control broadcast level 10.00
  storm-control multicast level 10.00
  spanning-tree portfast spanning-tree bpduguard enable
  Addtionally, I require LMS to verify that the port is indeed an access port with 802.1x already applied to it before adjusting the configurations. I have tried pushing this compliance check out with a prerequisite of having "switchport mode access" applied to it, and then having the next command set state:
  Submode: interface [#Ethernet*/*/*#]
  - dot1x max-req 1
  - dot1x max-reauth-req 1
  + no dot1x max-req 1
  + no dot1x max-reauth-req 1
  This was a simple test on a single device to see if I could remove the limits on authentication and requests entered. The job states successful and there are no devices that are non-compliant, however no changes to the device configurations have been made. I seek assistance in command syntax or if there is another way to push this out, as I have about 1k network devices to go through and make these changes.

  The following tempalte should do what you want:
  Name: Global     SubMode: No      isPrerequisite: No
  Ordered : No     Prerequisite-Commandset : none     Parent: none
  Name: Switchport     SubMode: Yes      isPrerequisite: Yes
  Ordered : No     Prerequisite-Commandset : none     Parent: none
    interface   [#FastEthernet.*#]
  +[#switchport mode access#]
  Name: 802fix     SubMode: No      isPrerequisite: No
  Ordered : No     Prerequisite-Commandset : Switchport     Parent: Switchport
  -dot1x max-req 1
  -dot1x max-reauth-req 1
  Note that I have changed to [#FastEthernet.*#] to be applied on
  FastEthernet interfaces.

• Compliance Management in LMS 3.2

  I'm having a hard time getting Compliance Manager to accept a "banner login" command I'm attempting to use on 6500 IOS switches. I've edited the template, tried cut-&-paste, looked for the archive file on the server to directly modify it (without success), among other things. I have this feature functioning correctly on CatOS switches, but can't seem to get it properly set on IOS switches. What's the limit, as far as the template is concerned, on the number of characters with this type of command? Where are the archive configs located on the server; in the "shadow" directory?
  Thanks,
  Rick

  Not sure what you mean when you say "not accepting", but I had some trouble with compliance templates and checking banners.  My issue was with multi-line commands as mentioned in the last post of this thread: https://supportforums.cisco.com/message/638950#638950
  Once I put the in the template it worked fine.  The thread is discussing LMS 2.6 but was applicable in my 3.2 environment.  Hope that helps.

• Does Cisco Prime have a replacement product for NCM or Network Compliance Manager?

  Does the Cisco Prime application development team have a product that replaces the NCM or Network Compliance Manager?

  Both Prime and LMS can do baseline compliance, after a fashion. LMS's is much more mature in my estimation. Prime is more around the lines of deploying templates.
  The regulatory compliance functions as of now are in only LMS's Compliance and Audit Manager (CAAM) function. It's quite useful, matching the baseline compliance features.
  An LMS license is included with PI, but it does need to be on its own server (or separate VM).

• Installing Security and Compliance Manager on Windows 8.1

  Hi
  I am trying to install Security and Compliance Manager on my Windows 8.1 workstation.  The install is trying to install SQL Express 2008 which seems to not be compatible with Windows 8.1 and that is were the install ends.
  I tried installing SQL Express 2012 and then running the install but it looks like the database is not installed.
  Is there a new version of Security and Compliance Manager that addresses this or does anyone know how to set up SQL to accept Compliance Manager?

  Open Regedit and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  Delete this key under Session Manager "PendingFileRenameOperations". Restart the installation and it will work fine.
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Microsoft Security Compliance Manager V3 and create GPO

  I have created a GPO backup from the compliance manager for Windows 7 SP1. I am trying to find documentation for the exact process of importing these settings into a newly created "blank" gpo. In review of the Backup.xml file, I can see that
  it references Contoso.com (the generic MS domain for examples, etc). Is there a clear documented process for configuring the template then creating a domain GPO? Any help is greatly appreciated!
  wjk

  Hi,
  Thanks for your post.
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
  For more SCM related issue, i think you may ask in:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Cisco Works Network Compliance Manage NCM

  I'm working on the Cisco Works Network Compliance Manager.
  I would like to add a device which is behind a firewall.
  For this I use the option bastion host to authen. on the firewall and
  to get access to the device self.
  The problem is the firewall is not listing  to the port 22/23, it a different port number
  like example 1234.
  Is it possible to change the port  manually in a configfile, as the webinterface has no option for this  ?
  I use the version 1.7.1 the latest one.

  Both Prime and LMS can do baseline compliance, after a fashion. LMS's is much more mature in my estimation. Prime is more around the lines of deploying templates.
  The regulatory compliance functions as of now are in only LMS's Compliance and Audit Manager (CAAM) function. It's quite useful, matching the baseline compliance features.
  An LMS license is included with PI, but it does need to be on its own server (or separate VM).

• RME - Compliance Management - Deploy strangeness

  Hi All,
  Here is an interesting one. Got a selection of Compliance management jobs and am having trouble with the deploy phase. Basically I am looking for the following on a series of devices and then removing it.
  - [#radius-server host.*#]
  So when this runs, it matches what I expect (shown below)
  no radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
  However when I deploy this, the line above remains on the device?
  I have tried changing the compliance check to
  - radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXX
  To see if its a regex problem of some form and the job does exactly the same, i.e. it matches the line and tries to deploy however doesn't work?
  Any ideas?

  Hi Yidabear,
  Its not a pre-requisite problem as the pre-requisites are fillfilled and hence it deploys the rest of the config to the devices in question. For some reason it is just this one line that it has a problem with. Strangely enough, we had a similar issue with the same format of TACACS server line. It seems to happen when you have the "key 7 xxxxxxxxx" value at the end? Even though it finds it and tried to remove it it fails.

• Security Compliance Manager - version 3.0.60

  Does anyone know if this version of Security Compliance Manager supports Windows Server 2012 R2:  
  3.0.60

  Hi sayerdi,
  As this question is related to Security Compliance Manager (SCM), for quick and accurate response, I would like to recommend that you ask the question in the SCM forum at
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement . It is appropriate and more experts will assist you.
  Additionally, there is a similar thread about SCM for Windows Server 2012 R2 for your reference.
  https://social.technet.microsoft.com/Forums/en-US/9a0b831e-5d38-4b26-9191-16286f10ecab/scm-update-for-windows-81-and-windows-2012-r2?forum=compliancemanagement
  Thanks,
  Lydia Zhang

• Microsoft Security Compliance Manager - Failed to installed

  Every time I try to install Microsoft Security Compliance Manager right when I getto the part where I'm installing it, it gives me this error:
  Microsoft Security Compliance Manager Setup Wizard failed while starting the installation/uninstallation The given path's format is not supported.
  Then closing the installation and telling me it failed.
  Please help I need to install this for a class.

  Hi,
  Thanks for your post.
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
  For more SCM related issue, i think you may ask in:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Upgrading from SQL Server 2005 Compact Edition [ENU] to SQL Server 2008 Express Edition OR HIGHER for Microsoft Security Compliance Manager

  I have downloaded the MS Security Compliance Manager, which is in two parts:  MS SQL Server 2008 Express Edition & the SCM. The install instructions state the the server needs to be install before the SCM.  So as the install continues I get
  an error message, which cancels the installation.  So, I am trying to install SQL 2008 EE separate from SCM.  My question is: 
  Can I upgrade from my current SQL Server 2005 Compact Edition [ENU]
  directly to SQL Server 2008 Express Edition (or higher)?

  So as the install continues I get an error message, which cancels the installation. 
  And which error message did you got?
  SQL Server Compact Edition is something different then SQL Server Express (or Standard) Edition, you can't upgrade it as you asked for,.
  Olaf Helper
  [ Blog] [ Xing] [ MVP]

• Applying recommend settings from "microsoft security compliance manager 3.0.60.0" to a standalone Server using LocalGPO.wsf on Server 2012 R2

  Hello
  Can someone please help me with the following question.
  I have a standalone Server and need to apply settings from SCM, I can see how to do this following the instructions in the following article
  http://windowsitpro.com/security/q-how-can-i-apply-security-baseline-i-defined-through-microsoft-security-compliance-manager
  The problem is  the LocalGPO.wsf that ships with the above version of SCM does not run on Server 2012 R2 (only Server 2012) 
  my question is, 
  is there a later version of LocalGPO.wsf I can use that works on Server 2012 R2 ?
  Thanks
  AAnotherUser__
  AAnotherUser__

  Hi,
  Thanks for your post.
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  http://blogs.technet.com/b/secguide/archive/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live.aspx
  For more SCM related issue, i think you may ask in:
  https://social.technet.microsoft.com/Forums/en-US/home?forum=compliancemanagement
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Environmental Compliance Management

  Hi friends
  Help me how to do the environment compliance management, Emissions Management, Health & Safety, Compliance for products.
  Kindly do the needful
  Thanks and Regards,
  Arul.

  HI,
  Pls. find some details about EH&S ( Environment,Health & Safety) as below:
  Basic Data and Tools (EHS-BD)
  Purpose
  This SAP component contains data and functions that you require for several areas of the SAP component Environment, Health and Safety (EH&S).
  Implementation Considerations
  The Basic Data and Tools are the prerequisite for you to be able to use the other SAP EH&S components:
  ·        Product Safety (EHS-SAF)
  ·        Hazardous Substance Management (EHS-HSM)
  ·        Dangerous Goods Management (EHS-DGP)
  ·        Waste Management (EHS-WA)
  ·        Occupational Health (EHS-HEA)
  ·        Industrial Hygiene and Safety (EHS-IHS)
  This means that regardless of which of the SAP EH&S components you want to use, you need to process Customizing for Basic Data and Tools and create the necessary data in Basic Data and Tools before you implement the other components.
  Integration
  You must have installed the following SAP components to be able to use all the functions of Basic Data and Tools:
  ·        Engineering Change Management (LO-ECH)
  ·        Document Management (CA-DMS)
  ·        Classification System (CA-CL)
  ·        Material Master (LO-MD-MM)
  ·        Sales and Distribution (SD)
  Features
  Basic Data and Tools contains the following SAP components:
  ·        In specification management you enter all environmentally relevant data and other data for substances (pure substances, preparations, mixtures, and residual substances), agents, packagings, and waste codes in specifications. This data includes information on identifiers, material assignments, compositions, listings, properties, and assignments to regulatory lists.
  You can also enter data for dangerous goods regulations and dangerous goods classifications in specifications. You can use the filling function from the SAP component dangerous goods interfaces to copy dangerous goods classification data to the dangerous goods master. For more information, see the documentation for the SAP component Dangerous Goods Management in the sections Dangerous Goods Basic Data, Dangerous Goods Classification, and Tools.
  You can copy data on dangerous goods storage classes, VbF classes, and water pollution classes to Warehouse Management. For more information, see the Implementation Guide (IMG) for Logistics Execution under Transfer Hazardous Substance Data from the Specification Database.
  ·        In the specification information system you can access specification data directly and display it in different ways.
  ·        In report definition you set up the prerequisites for being able to print specification data on EH&S reports (such as material safety data sheets and standard operating procedures). You design the layout of report templates using Windows Wordprocessor Integration (WWI), which gives you access to Microsoft Word functions. Specially defined symbols in the report templates are replaced by values from the SAP system when reports are generated. Phrases are printed in the languages specified. You use ratings and validity areas to specify that only permitted specification data appears on the report.
  ·        You can create standard texts in the form of phrases in phrase management, reducing the amount of writing and translating necessary. Phrases are managed in libraries.
  ·        Under the tools you will find functions for importing data from legacy systems, exchanging and distributing data between systems, editing it, and archiving it.
  Hope this helps.
  Regards,
  Tejas

• Cisco Prime Specific NTP Servers by Compliance Management

  Gets,
  I have the following NTP servers configured on different switches
  ntp server 192.168.1.1
  ntp server 10.10.10.10 key 1
  ntp server 12.12.12.12
  ntp server 13.13.13.13 key 1
  ntp server 14.14.14.14 key 30
  The correct NTP servers are only 10.10.10.10 and 192.168.1.1. The problem is that as you see, the IP addresses of the NTP servers are very generic, meaning that in my large network, I may find any other NTP server.
  Can you develop a code to run by Compliance Management to exclude any unneeded NTP servers ? It is required that the code catches any IP address and any key that is not matching the first two servers.

  Gets,
  I have the following NTP servers configured on different switches
  ntp server 192.168.1.1
  ntp server 10.10.10.10 key 1
  ntp server 12.12.12.12
  ntp server 13.13.13.13 key 1
  ntp server 14.14.14.14 key 30
  The correct NTP servers are only 10.10.10.10 and 192.168.1.1. The problem is that as you see, the IP addresses of the NTP servers are very generic, meaning that in my large network, I may find any other NTP server.
  Can you develop a code to run by Compliance Management to exclude any unneeded NTP servers ? It is required that the code catches any IP address and any key that is not matching the first two servers.