Release Notes

v2025.06.1 (2025-06-02)

Features

Primary server (the one being run directly under systemd) will now output all dependency logs, rather than having to search /var/log/xylok for them
- Logs all appear under journald as a result, integrating with any centralized logging already in place for that system
- Standard journalctl -u xylok can be used to examine the logs
- Logs default to JSON format when run under systemd
- For nice parsing and filtering of the JSON, use /opt/xylok/xylok logs --help

Fixes

XSS-41: Fixed visual display issue with related controls on the CCI rater
XSS-43: Removed usage of -MaskInput in Powershell scripts
XSS-42: fixed client ID usage in document selector
XSS-39 - Fixed loading statuses filter in API
XSS-37: Added import-data subcommand to XSS and corrected import-data.sh script to use it
XSS-38: Added flag to installer to set read-only status and respect the READONLY setting again

Benchmarks

toss4 post processing complete
Removed debugging from start.sh
Updates for RHEL 8 and 9
Updated Microsoft Windows 11 STIG v2r3
Microsoft Office 365 ProPlus STIG v3r3
Microsoft Windows 10 STIG v3r4
Windows Server 2022 v2r4
Microsoft IIS 10.0 Server STIG v3r3
Microsoft IIS 10.0 Site STIG v2r11
Windows Domain Name System (DNS) STIG v2r3 (ms_windows_server_2022_dns_stig)
Mozilla Firefox STIG v6r6
Added winserver-powershell OS tag to IIS 10.0 STIGs to enable collection with Windows Server 2025
Added rhel OS tag to Mozilla Firefox STIG to enable collection with RHEL 9.
rhel 9 411070 command correction

v2025.05.3 (2025-05-16)

Quick release to fix active directory settings not loading properly

Features

XYL-12333 - Add features v3 endpoint
Added gosec linting to our build process and corrected any flagged issues

Fixes

Added flag ignore-lingering to installer to allow bypassing any systemd lingering-enable issues
XYLOK-27: All AD and SMTP-associated settings should be correctly handled again
Completed Ubuntu 24.04 benchmark commands.

v2025.05.2 (2025-05-07)

Quick-turn release to cover some small issues found in the new installer.

Fixes

Remove link to v2 API
FAPolicy updating during installation is more intelligent
Server no longer creates mounts for the non-existent API server, suppressing an error found in docker logs
Made installer handle SIGINT (ctrl-c) better
Made linger only a warning on Docker-based systems
Added some functionality to installer to fix up older systemd installations
Make xylok.service unit depend on docker.socket as well as the service on Docker-based installs
Reject amazonbot, correct robots.txt

v2025.05.1 (2025-04-28)

Features

There has been a significant change in the way Xylok runs itself and its container. Please let us know of any issues you encounter.

The installer has been entirely re-written to be more robust to small cahnges in install process, including partial (failed) installations.
- For more installation control, the “install” subcommand has had numerous flags added. See ./xylok-installer-v2025.05.1 install --help for the most up-to-date information.
- A new “uninstall” subcommand has been added, which will easily remove all remanents of Xylok from your system.
The primary server (the proxy in front of many of Xylok’s dependencies) now runs OUTSIDE the container
- This server will now monitor the container and automatically load images and start/stop it as needed.
- The systemd service will be modified appropriately to account for this new configuration, including adding the ambient capability to bind to lower-levels ports.
- If you had modified net.ipv4.ip_unprivileged_port_start, you should be able to remove that kernel setting.
- If you use Docker, you may need to allow your Xylok ports through the firewall. Docker by default configures these rules automatically.

Fixes

Fixed CCI comparison, benchmark sunset column wasn’t being treated correctly in some services. Closes XYL-3735
During installation, correctly check if xylok systemd service exists and try to confirm if the binary itself has been completely stopped
Error about controls.json should no longer occur because it will always be built before the container starts
Updated to Go 1.24.1

Benchmarks

BIND 9.x commands and post-processing implemented
Maria DB implemented
TOSS implemented
Kubernetes implemented
Added RHEL Ansible Automation Controller/Web STIGs commands and PP
Updates to handle May compilation updates:
- apache_server_2-4_unix_site_stig
- application_security_development_stig
- cisco_ios-xe_router_ndm_stig
- cisco_ios-xr_router_ndm_stig
- cisco_ios_router_ndm_stig
- cisco_ios_switch_ndm_stig
- cisco_ios_xe_switch_ndm_stig
- cisco_nx-os_switch_ndm_stig
- ess_epo_5-3_5-9_stig
- layer_2_switch_srg
- mcafee_ens_10-x_stig
- microsoft_windows_11_stig
- moz_firefox_stig
- ms_dot_net_framework
- ms_office_365_proplus_stig
- ms_sql_server_2016_instance_stig
- ms_windows_10_stg
- network_device_management_srg
- oracle_database_11-2g_stig
- palo_alto_networks_alg_stig
- palo_alto_networks_ndm_stig
- rhel_9_stig
- sles_15_stig
- tomcat_application_server_9_stig
- vmw_vsphere_7-0_esxi_stig
- vmw_vsphere_8-0_esxi_stig
- web_server_srg
- windows_server_2019_stig

STIG Scrape

Updated benchmark zos_webspheremq_for_tss_stig, added version v7r1
Updated benchmark zos_tadz_for_tss_stig, added version v7r1
Updated benchmark zos_srraudit_for_tss_stig, added version v7r1
Updated benchmark zos_roscoe_for_tss_stig, added version v7r1
Updated benchmark zos_quest_nc-pass_for_tss_stig, added version v7r1
Updated benchmark zos_netview_for_tss_stig, added version v7r1
Updated benchmark zos_ibm_system_display_and_search_facility_for_tss_stig, added version v7r1
Updated benchmark zos_hcd_for_tss_stig, added version v7r1
Updated benchmark zos_ca_vtape_for_tss_stig, added version v7r1
Updated benchmark zos_ca_mim_for_tss_stig, added version v7r1
Updated benchmark zos_ca_mics_for_tss_stig, added version v7r1
Updated benchmark zos_bmc_mainview_for_zos_for_tss_stig, added version v7r1
Updated benchmark zos_bmc_ioa_for_tss_stig, added version v7r1
Updated benchmark zos_bmc_control-o_for_tss_stig, added version v7r1
Updated benchmark zos_bmc_control-m_restart_for_tss_stig, added version v7r1
Updated benchmark zos_webspheremq_for_racf_stig, added version v7r1
Updated benchmark zos_vss_for_racf_stig, added version v7r1
Updated benchmark zos_tadz_for_racf_stig, added version v7r1
Updated benchmark zos_srraudit_for_racf_stig, added version v7r1
Updated benchmark zos_roscoe_for_racf_stig, added version v7r1
Updated benchmark zos_quest_nc-pass_for_racf_stig, added version v7r1
Updated benchmark zos_netview_for_racf_stig, added version v7r1
Updated benchmark zos_ibm_system_display_and_search_facility_for_racf_stig, added version v7r1
Updated benchmark zos_hcd_for_racf_stig, added version v7r1
Updated benchmark zos_ca_vtape_for_racf_stig, added version v7r1
Updated benchmark zos_ca_mim_for_racf_stig, added version v7r1
Updated benchmark zos_ca_mics_for_racf_stig, added version v7r1
Updated benchmark zos_bmc_mainview_for_zos_for_racf_stig, added version v7r1
Updated benchmark zos_bmc_ioa_for_racf_stig, added version v7r1
Updated benchmark zos_bmc_control-o_for_racf_stig, added version v7r1
Updated benchmark zos_bmc_control-m_restart_for_racf_stig, added version v7r1
Updated benchmark zos_bmc_control-o_for_acf2_stig, added version v7r1
Updated benchmark zos_bmc_control-m_restart_for_acf2_stig, added version v7r1
Updated benchmark zos_webspheremq_for_acf2_stig, added version v7r1
Updated benchmark zos_tadz_for_acf2_stig, added version v7r1
Updated benchmark zos_srraudit_for_acf2_stig, added version v7r1
Updated benchmark zos_roscoe_for_acf2_stig, added version v7r1
Updated benchmark zos_quest_nc-pass_for_acf2_stig, added version v7r1
Updated benchmark zos_netview_for_acf2_stig, added version v7r1
Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, added version v7r1
Updated benchmark zos_hcd_for_acf2_stig, added version v7r1
Updated benchmark zos_ca_vtape_for_acf2_stig, added version v7r1
Updated benchmark zos_ca_mim_for_acf2_stig, added version v7r1
Updated benchmark zos_ca_mics_for_acf2_stig, added version v7r1
Updated benchmark zos_bmc_mainview_for_zos_for_acf2_stig, added version v7r1
Updated benchmark zos_bmc_ioa_for_acf2_stig, added version v7r1
Updated benchmark web_server_srg, added version v4r3
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, added version v2r2
Updated benchmark vmw_vsphere_8-0_esxi_stig, added version v2r3
Updated benchmark vmw_vsphere_7-0_esxi_stig, added version v1r4
Updated benchmark tm_tippingpoint_ndm_stig, added version v2r3
Updated benchmark tanium_7-x_stig, added version v2r2
Updated benchmark tanium_7-x_os_tanos_stig, added version v2r2
Updated benchmark tanium_7-x_application_tanos_stig, added version v2r2
Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v2r2
Updated benchmark sles_15_stig, added version v2r4
Updated benchmark rhel_9_stig, added version v2r4
Updated benchmark rhel_8_stig, added version v2r3
Updated benchmark palo_alto_networks_ndm_stig, added version v3r3
Updated benchmark palo_alto_networks_alg_stig, added version v3r4
Updated benchmark oracle_linux_8_stig, added version v2r4
Updated benchmark oracle_linux_7_stig, added version v3r2
Updated benchmark oracle_database_12c_stig, added version v3r4
Updated benchmark network_device_management_srg, added version v5r3
Updated benchmark ms_windows_server_2022_dns_stig, added version v2r3
Updated benchmark ms_windows_server_2022_stig, added version v2r4
Updated benchmark windows_server_2019_stig, added version v3r4
Updated benchmark microsoft_windows_11_stig, added version v2r3
Updated benchmark ms_windows_10_stig, added version v3r4
Updated benchmark ms_sql_server_2016_instance_stig, added version v3r4
Updated benchmark ms_office_365_proplus_stig, added version v3r3
Updated benchmark iis_10-0_site_stig, added version v2r11
Updated benchmark iis_10-0_server_stig, added version v3r3
Updated benchmark ms_entra_id_stig, added version v1r1
Updated benchmark ms_dot_net_framework, added version v2r6
Updated benchmark moz_firefox_stig, added version v6r6
Updated benchmark layer_2_switch_srg, added version v3r2
Updated benchmark kubernetes_stig, added version v2r3
Updated benchmark juniper_ex_ndm_stig, added version v2r3
Updated benchmark juniper_ex_l2s_stig, added version v2r3
Updated benchmark jboss_eap_6-3_stig, added version v2r6
Updated benchmark infoblox_8_dns_stig, added version v1r2
Updated benchmark ibm_zsecure_suite_stig, added version v1r3
Updated benchmark ibm_zos_tss_stig, added version v9r4
Updated benchmark ibm_zos_racf_stig, added version v9r4
Updated benchmark ibm_zos_acf2_stig, added version v9r4
Updated benchmark ibm_websphere_liberty_server_stig, added version v2r2
Updated benchmark cloudlinux_almalinux_os_9_stig, added version v1r2
Updated benchmark cisco_nx-os_switch_ndm_stig, added version v3r3
Updated benchmark cisco_ios_switch_ndm_stig, added version v3r4
Updated benchmark cisco_ios_router_ndm_stig, added version v3r4
Updated benchmark cisco_ios-xr_router_ndm_stig, added version v3r3
Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v3r3
Updated benchmark cisco_ios-xe_router_ndm_stig, added version v3r4
Updated benchmark can_ubuntu_22-04_lts_stig, added version v2r4
Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v2r2
Updated benchmark application_security_development_stig, added version v6r3
Updated benchmark arista_mls_eos_4-2x_l2s_stig, added version v2r2
Updated benchmark arista_mls_eos_4-2x_router_stig, added version v2r2
Updated benchmark arista_mls_eos_4-2x_ndm_stig, added version v2r2
Updated benchmark application_server_srg, added version v4r3
Updated benchmark apple_macos_15_stig, added version v1r3
Updated benchmark apple_ios-ipados_18_stig, added version v1r3
Updated benchmark tomcat_application_server_9_stig, added version v3r2
Updated benchmark apache_server_2-4_windows_site_stig, added version v2r2
Updated benchmark apache_server_2-4_windows_server_stig, added version v3r3
Updated benchmark apache_server_2-4_unix_site_stig, added version v2r6
Updated benchmark mcafee_ens_10-x_stig, added version v3r4
Updated benchmark mcafee_ens_10-x_local_client_stig, updated version v2r3
Updated benchmark joint_regional_security_stack_stig, updated version v2r3
Updated benchmark ess_epo_5-3_5-9_stig, added version v3r4

v2025.04.2 (2025-04-09)

Fixes

General search in CCI rater now works correctly when a CCI definition happens to match and you’re also doing other filters. Fixes XYL-3730
Fix exporting benchmark sunset status, closes XYL-3731

v2025.04.1 (2025-04-03)

Features

Display sunset status in benchmark metadata
Added Bind9 config parser for use by PP
Installer improvements, flags should be more reliable
Attempt to set SELinux labels during Xylok startup. Should help with XYL-375

Fixes

Fixed link for exporting CKL files
Xylok STIG commands and PP
XYL-404: If the primary server is trying to redirect to port 6443, just don’t. Send it to 443 instead
XYL-372: Increased cell text limit to 32k characters within spreadsheet generator of the core server. Cells are still limited to the Excel line limit, so it’ll only make so much of a difference.

Benchmarks

Fixed OS-BL-000004 firewall-cmd, closes XYL-939
Updates to benchmarks for Solaris SPARC and x86.
XYL-165: #close Added MariaDB runner
- Added the ability to include she-bang (#!) commands within the MariaDB runner to escape the SQL commands. Improves XYL-165
Benchmark merge test now correctly realizes benchmark should be found with old ID in the alternate ID list
XYL-94: Added sunsetting to bedit #closes
Resolved version issues with McAfee Application Control 7.x and Trellix Application Control 8.x STIGs. Moved v1r5 and v1r6 to Trellix Application Control 8.x STIG. Updated McAfee Application Control 7.x STIG v1r4, and marked ready.
Added interview questions to Central Log Server SRG v3r2, and marked ready.
Added interview questions to General Purpose Operating System SRG v3r2, and marked ready.
Added interview questions to Application Server SRG v4r2, and marked ready.
Updated Palo Alto Networks IDPS STIG v3r2, and marked ready.
Updated Palo Alto Networks ALG STIG v3r3, and marked ready.
Updated Palo Alto Networks NDM STIG v3r2, and marked ready.
Updated Firewall SRG v3r2, and marked ready.
Added interview questions to Windows DNS v4r1.19, and marked ready.
Updated Domain Name System SRG v4r1, and marked ready.
Updated Intrusion Detection and Prevention Systems SRG v3r2, and marked ready.
Updated Storage Area Network STIG v2r5, and marked ready.
Updated Multifunction Device and Network Printers STIG v2r15, and marked ready.
Marked VMware vSphere 7.0 VAMI STIG v1r2 ready.
Marked Microsoft Office 365 ProPlus STIG v3r2 ready.
Marked Cisco ASA NDM STIG v2r2 ready.
Marked Cisco ASA VPN STIG v2r2 ready.
Marked Google Chrome Current Windows STIG v2r10 ready.
Marked Microsoft OneDrive STIG v2r3 ready.
Marked VMware vSphere 8.0 ESXi STIG v2r2 ready.
Updated SUSE Linux Enterprise Server 15 STIG v2r3, and marked ready.
Scraped public.disa.mil for updated STIG content 20250402.
- Numerous updates from scrape, including sunsetting old STIGs

v2025.03.1 (2025-03-03)

Features

CKLBs are now available and can be broken into per-benchmark files
Added far more flags to the installer and made sure the important ones work

Fixes

Primary server will now ensure it can write the controls file to the correct location for the core server
Fixed category display on scan analysis
Integrated new API alongside GQL and tRPC for a cleaner transition plan

Benchmarks

RHEL 9 Updates
Updated VMware vSphere 8.0 vCenter STIG v2r2, and marked ready.
Updated VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) STIG v2r2, and marked ready.
Updated VMware vSphere 7.0 vCenter Appliance Photon OS STIG v1r4, and marked ready.
Updated VMware vSphere 7.0 ESXi STIG v1r3, and marked ready.
Updated VMware vSphere 7.0 Virtual Machine STIG v1r4, and marked ready.
Updated Apache Tomcat Application Server 9 STIG v3r1, and marked ready.
Updated Apache Server 2.4 UNIX Site STIG v2r5, and marked ready.
Updated Apache Server 2.4 UNIX Server STIG v3r2, and marked ready.
Marked ESS Trellix Agent STIG v5r12 ready.
Added interview questions to Web Server SRG v4r2, and marked ready.
Updated Virtual Machine Manager SRG v2r2, and marked ready.
Added interview questions to Trellix TIE/DXL STIG v3r1, and marked ready.
Updated Traditional Security Checklist v2r6, and marked ready.
Updated Network Infrastructure Policy STIG v10r7, and marked ready.
Updated Network Device Management SRG v5r2, and marked ready.
Added interview questions to AAA Services SRG v2r2, and marked ready.
Updated Application Security and Development STIG v6r2, and marked ready.
RHEL 8 Updates
Updated Cisco IOS XE Router NDM STIG v3r3, and marked ready.
Updated Cisco IOS XE Router RTR STIG v3r3, and marked ready.
Updated Cisco IOS Router NDM STIG v3r3, and marked ready.
Updated Cisco NX OS Switch RTR STIG v3r3, and marked ready.
Updated Cisco IOS Switch NDM STIG v3r3, and marked ready.
Updated Cisco IOS Router RTR STIG v3r3, and marked ready.
Updated ESS ePO 5.x STIG v3r3, and marked ready.
Updated ESS Staging Server STIG v5r2, and marked ready.
Updated Trellix ENS 10.x STIG v3r3, and marked ready.
Updated ESS Remote Console STIG v5r3, and marked ready.
Merged several benchmarks to reflect name changes and reduce confusion in the benchmark repository:
- aaa_service_srg –> aaa_services
- apache_tomcat_9_stig –> tomcat_application_server_9_stig
- arcgis_server_103_stig –> arcgis_server_10-3_stig
- canonical_ubuntu_stig –> canonical_ubuntu_16-04_lts
- mobility_policy_stig –> mobile_device_policy_stig
- u_can_ubuntu_18-04_stig –> can_ubuntu_18-04_stig
- uem_srg –> uem_agent_srg
- vrealize_ops_mgr_cassandra_stig –> vmw_vrealize_ops_mgr_cassandra_stig
- windows_daw_stig –> windows_paw_stig
Apache Updates
Updated Microsoft Windows Server 2019 STIG v3r3, and marked ready. Updated a test in Microsoft Windows Server 2022 STIG.
Updated Microsoft Windows Server 2016 STIG v2r10, and marked ready.
Updated Microsoft OneNote 2010 STIG v1r10, and marked ready.
Updated Microsoft Project 2010 STIG v1r10, and marked ready.
Updated Microsoft Publisher 2010 STIG v1r12, and marked ready.
Updated Microsoft Access 2010 STIG v1r11, and marked ready.
Updated Microsoft InfoPath 2010 STIG v1r12, and marked ready.
Updated Microsoft PowerPoint 2010 STIG v1r11, and marked ready.
Updated Microsoft Word 2010 STIG v1r12, and marked ready.
Updated Microsoft Office System 2010 STIG v1r13, and marked ready.
Updated Microsoft Outlook 2010 STIG v1r14, and marked ready.
Updated Microsoft Groove 2013 STIG v1r4, and marked ready.
Updated Microsoft OneNote 2013 STIG v1r4, and marked ready.
Updated Microsoft Outlook 2013 STIG v1r14, and marked ready.
Updated Microsoft Office System 2016 STIG v2r4, and marked ready.
Updated MS SQL Server 2016 Instance STIG v3r3, and marked ready.
Updated Microsoft Windows 10 STIG v3r3, and marked ready.
Updated Microsoft DotNet Framework 4.0 STIG, v2r5, and marked ready.
Updated Microsoft Windows Server 2022 STIG v2r3, and marked ready.
Updated benchmark mcafee_ens_10-x_stig, added version v3r3
Updated benchmark mcafee_ens_10-x_local_client_stig, added version v2r3
Updated benchmark ess_mcafee_agent_stig, added version v5r12
Updated benchmark hbss_staging_server, added version v5r2
Updated benchmark hbss_-_remote_console, added version v5r3
Updated benchmark ess_epo_5-3_5-9_stig, added version v3r3
Scraped benchmarks on 7 Feb 25
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v2r2
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v2r2
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v2r2
Updated benchmark ms_windows_server_2022_stig, updated version v2r3
Updated benchmark zos_webspheremq_for_tss_stig, added version v6r5
Updated benchmark zos_websphere_application_server_for_tss_stig, added version v7r1
Updated benchmark zos_tdmf_for_tss_stig, added version v7r1
Updated benchmark zos_ibm_cics_transaction_server_for_tss, added version v7r1
Updated benchmark zos_fep_for_tss, added version v7r1
Updated benchmark zos_fdr_for_tss_stig, added version v7r1
Updated benchmark zos_compuware_abend-aid_for_tss, added version v7r1
Updated benchmark zos_clsupersession_for_tss_stig, added version v7r1
Updated benchmark zos_catalog_solutions_for_tss_stig, added version v7r1
Updated benchmark zos_ca_common_services_for_tss_stig, added version v7r1
Updated benchmark zos_ca_auditor_for_tss_stig, added version v7r1
Updated benchmark zos_ca_1_tape_management_for_tss_stig, added version v7r1
Updated benchmark zos_bmc_control-m_for_tss_stig, added version v7r1
Updated benchmark zos_bmc_control-d_for_tss_stig, added version v7r1
Updated benchmark zos_webspheremq_for_acf2_stig, added version v6r5
Updated benchmark zos_websphere_application_server_for_acf2_stig, added version v7r1
Updated benchmark zos_tdmf_for_acf2_stig, added version v7r1
Updated benchmark zos_ibm_cics_transaction_server_for_acf2, added version v7r1
Updated benchmark zos_fep_for_acf2_stig, added version v7r1
Updated benchmark zos_fdr_for_acf2_stig, added version v7r1
Updated benchmark zos_compuware_abend-aid_for_acf2, added version v7r1
Updated benchmark zos_clsupersession_for_acf2_stig, added version v7r1
Updated benchmark zos_catalog_solutions_for_acf2_stig, added version v7r1
Updated benchmark zos_ca_common_services_for_acf2_stig, added version v7r1
Updated benchmark zos_ca_auditor_for_acf2_stig, added version v7r1
Updated benchmark zos_ca_1_tape_management_for_acf2_stig, added version v7r1
Updated benchmark zos_bmc_control-m_for_acf2_stig, added version v7r1
Updated benchmark zos_bmc_control-d_for_acf2_stig, added version v7r1
Updated benchmark google_android_15_cope_stig, added version v1r2
Updated benchmark google_android_15_cobo_stig, added version v1r2
Updated benchmark google_android_13_cope_stig, added version v2r2
Updated benchmark google_android_13_cobo_stig, added version v2r2
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, added version v2r2
Updated benchmark vmw_vsphere_8-0_vcenter_stig, added version v2r2
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, added version v2r2
Updated benchmark cloud_computing_mission_owner_os_srg, added version v1r2
Updated benchmark cloud_computing_mission_owner_srg, added version v1r2
Updated benchmark vmw_vsphere_7-0_virtual_machine_stig, added version v1r4
Updated benchmark vmw_vsphere_7-0_vca_photon_os_stig, added version v1r4
Updated benchmark vmw_vsphere_7-0_esxi_stig, added version v1r3
Added benchmark ss_android_15_cope_stig, added version v1r1
Added benchmark ss_android_15_cobo_stig, added version v1r1
Updated benchmark ss_android_os_14_kpe_3-x_cope_stig, added version v2r2
Updated benchmark ss_android_os_14_kpe_3-x_cobo_stig, added version v2r2
Updated benchmark apple_macos_15_stig, added version v1r2
Updated benchmark container_platform_srg, added version v2r2
Updated benchmark apple_ios-ipados_18_stig, added version v1r2
Updated benchmark apple_macos_14_stig, added version v2r3
Updated benchmark dragos_platform_2-x_stig, added version v1r2
Updated benchmark ibm_zos_tss_stig, added version v9r3
Updated benchmark ibm_zos_racf_stig, added version v9r3
Updated benchmark ibm_zos_acf2_stig, added version v9r3
Added benchmark zebra_android_13_cope_stig, added version v1r1
Added benchmark zebra_android_13_cobo_stig, added version v1r1
Updated benchmark rh_openshift_container_platform_4-12_stig, added version v2r2
Updated benchmark ss_android_os_13_kpe_3-x_cope_stig, added version v2r2
Updated benchmark ss_android_os_13_kpe_3-x_cobo_stig, added version v2r2
Updated benchmark vmw_nsx_4-x_distributed_fw_stig, added version v1r2
Updated benchmark vmw_nsx_4-x_tier1_gw_rtr_stig, added version v1r2
Updated benchmark vmw_nsx_4-x_tier1_gw_fw_stig, added version v1r2
Updated benchmark vmw_nsx_4-x_tier0_gw_rtr_stig, added version v1r2
Updated benchmark vmw_nsx_4-x_tier0_gw_fw_stig, added version v1r2
Updated benchmark vmw_nsx_4-x_manager_ndm_stig, added version v1r2
Updated benchmark evvm_policy_srg, added version v1r2
Updated benchmark cisco_ios_switch_ndm_stig, added version v3r3
Added benchmark xylok_security_suite_20-x_stig, added version v1r1
Updated benchmark cisco_ios-xe_router_rtr_stig, added version v3r3
Updated benchmark cisco_ios-xe_router_ndm_stig, added version v3r3
Updated benchmark cisco_nx-os_switch_rtr_stig, added version v3r3
Added benchmark dell_os10_switch_router_stig, added version v1r1
Added benchmark dell_os10_switch_ndm_stig, added version v1r1
Added benchmark dell_os10_switch_l2s_stig, added version v1r1
Updated benchmark cisco_ios_router_rtr_stig, added version v3r3
Updated benchmark cisco_ios_router_ndm_stig, added version v3r3
Added benchmark hpe_aruba_aos_wireless_stig, added version v1r1
Added benchmark hpe_aruba_aos_vpn_stig, added version v1r1
Added benchmark hpe_aruba_aos_ndm_stig, added version v1r1
Updated benchmark can_ubuntu_22-04_lts_stig, added version v2r3
Updated benchmark ms_windows_server_2022_stig, added version v2r3
Updated benchmark ms_exchange_2019_edge_server_stig, added version v2r2
Updated benchmark apache_server_2-4_windows_server_stig, added version v3r2
Updated benchmark mariadb_enterprise_10-x_stig, added version v2r3
Updated benchmark apache_server_2-4_unix_site_stig, added version v2r5
Updated benchmark apache_server_2-4_unix_server_stig, added version v3r2
Added benchmark cloudlinux_almalinux_os_9_stig, added version v1r1
Added benchmark anduril_nixos_stig, added version v1r1
Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, added version v2r4
Updated benchmark f5_big-ip_device_management_11-x_stig, added version v2r4
Updated benchmark f5_big-ip_application_security_manager_11-x_stig, added version v2r2
Updated benchmark f5_big-ip_advanced_firewall_manager_11-x_stig, added version v2r2
Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, added version v2r4
Updated benchmark oracle_weblogic_server_12c_stig, added version v2r2
Updated benchmark pan_prisma_cloud_compute_stig, added version v2r2
Updated benchmark juniper_router_rtr_stig, added version v3r2
Updated benchmark juniper_router_ndm_stig, added version v3r2
Updated benchmark juniper_srx_sg_vpn_stig, added version v3r2
Updated benchmark juniper_srx_sg_ndm_stig, added version v3r3
Updated benchmark juniper_srx_sg_alg_stig, added version v3r3
Updated benchmark oracle_database_12c_stig, added version v3r3
Updated benchmark ms_windows_10_stig, added version v3r3
Updated benchmark palo_alto_networks_idps_stig, added version v3r2
Updated benchmark palo_alto_networks_alg_stig, added version v3r3
Updated benchmark rgs_rke2_stig, added version v2r3
Updated benchmark uem_server_srg, added version v2r3
Updated benchmark ibm_zsecure_suite_stig, added version v1r2
Updated benchmark fs_nac_stig, added version v2r3
Updated benchmark microsoft_groove_2013, added version v1r4
Updated benchmark microsoft_outlook_2013, added version v1r14
Updated benchmark microsoft_onenote_2010, added version v1r10
Updated benchmark ms_office_365_proplus_stig, added version v3r2
Updated benchmark application_security_development_stig, added version v6r2
Updated benchmark multi-function_device, added version v2r15
Updated benchmark application_server_srg, added version v4r2
Updated benchmark vmm, added version v2r2
Updated benchmark solaris_11_x86_stig, added version v3r2
Updated benchmark ms_exchange_2016_edge_transport_server_stig, added version v2r6
Updated benchmark general_purpose_operating_system, added version v3r2
Updated benchmark aaa_services, added version v2r2
Updated benchmark windows_server_2019_stig, added version v3r3
Updated benchmark windows_server_2016_stig, added version v2r10
Updated benchmark mcafee_application_control_7-x_stig, added version v1r4
Updated benchmark ms_sql_server_2016_instance_stig, added version v3r3
Updated benchmark microsoft_onenote_2013, added version v1r4
Updated benchmark ibm_aspera_platform_4-2_stig, added version v1r3
Updated benchmark microsoft_sharepoint_server_2013, added version v2r4
Updated benchmark idps_srg, added version v3r2
Updated benchmark ms_dot_net_framework, added version v2r5
Updated benchmark oracle_http_server_12-1-3_stig, added version v2r3
Updated benchmark firewall_srg, added version v3r2
Updated benchmark solaris_11_sparc_stig, added version v3r2
Updated benchmark database_generic, added version v4r3
Updated benchmark mainframe_product_srg, added version v3r3
Updated benchmark central_log_server_srg, added version v3r2
Updated benchmark vpn, added version v3r3
Added benchmark ms_entra_id_stig, added version v1r0.1
Updated benchmark application_layer_gateway_srg, added version v2r2
Updated benchmark microsoft_office_system_2016, added version v2r4
Updated benchmark microsoft_outlook_2010, added version v1r14
Added benchmark ms_sql_server_2022_instance_stig, added version v1r0.1
Added benchmark ms_sql_server_2022_database_stig, added version v1r0.1
Updated benchmark rhel_8_stig, added version v2r2
Updated benchmark sles_15_stig, added version v2r3
Updated benchmark zos_webspheremq_for_racf_stig, added version v6r5
Updated benchmark zos_websphere_application_server_for_racf_stig, added version v7r1
Updated benchmark zos_tdmf_for_racf_stig, added version v7r1
Updated benchmark zos_ibm_cics_transaction_server_for_racf, added version v7r1
Updated benchmark zos_fep_for_racf_stig, added version v7r1
Updated benchmark zos_fdr_for_racf_stig, added version v7r1
Updated benchmark zos_compuware_abend-aid_for_racf, added version v7r1
Updated benchmark zos_clsupersession_for_racf_stig, added version v7r1
Updated benchmark zos_catalog_solutions_for_racf_stig, added version v7r1
Updated benchmark zos_ca_common_services_for_racf_stig, added version v7r1
Updated benchmark zos_ca_auditor_for_racf_stig, added version v7r1
Updated benchmark zos_ca_1_tape_management_for_racf_stig, added version v7r1
Updated benchmark zos_bmc_control-m_for_racf_stig, added version v7r1
Updated benchmark zos_bmc_control-d_for_racf_stig, added version v7r1
Updated benchmark google_android_14_cope_stig, added version v2r2
Updated benchmark google_android_14_cobo_stig, added version v2r2
Updated benchmark apple_macos_13_stig, added version v1r5
Updated benchmark rhel_9_stig, added version v2r3
Updated benchmark sles_12_stig, added version v3r2
Updated benchmark oracle_linux_8_stig, added version v2r3
Updated benchmark san, added version v2r5
Merged HPE Nimble Storage Array STIG with HPE Nimble Storage Array NDM STIG. Added missing interviews to HPE Nimble Storage Array NDM STIG, v2r1, and marked ready.

v2025.01.2 (2025-01-20)

Fixes

Fixed searching for CCIs using general search and CCI definition in CCI rater
Fixed benchmarks not importing after move to packed format

v2025.01.1 (2025-01-18)

Fixes

Fixed loading CNSSI 1253 for rev 4, which should fix issues with CCI rater and similar usage (applicable controls were not being determined correctly). This fixes a regression only in v2024.12.1.
Improvements to request logging
Moved banner to use gomponents from templ, templ removed entirely

Benchmarks

Several RHEL 6 command and PP fixes
Added interview questions for the Container SRG
Fixed Microsoft Defender Antivirus STIG check WNDF-AV-000004 OS list.
Updated Microsoft Word 2013 STIG v1r7, and marked ready, closes #168.
Updated Microsoft Visio 2013 STIG v1r5, and marked ready, closes #197.
Updated ESS Agent Handler STIG v2r4, and marked ready.
Updated ESS Trellix Agent STIG v5r11, and marked ready.
Updated ESS Rogue Sensor STIG v5r3, and marked ready.
Updated Trellix ENS 10.x STIG v3r2, and marked ready.
Updated ESS ePO 5.x STIG v3r2, and marked ready.
Updated Microsoft IIS 10.0 Site STIG v2r10, and marked ready.
Updated Microsoft IIS 10.0 Server STIG v3r2, and marked ready.

v2024.12.1 (2024-12-06)

Features

RMF rev 5 can now be used by setting the CONTROL_SET configuration setting. See Configuration Options documentation for more details. Note that many packages are still requiring submission in Rev 4, so we are leaving the default as Rev 4. Please report any issues you encounter.
- As a result of this change, we have also finally released the STIGs with Rev 5 CCIs. Using these STIGs may result in some data not being shown in eMASS rev 4 packages, but that still appears to be the guidance from at least some AOs.
Added session length configuration settings and documentation

Fixes

RMF rev 4 controls now load in the same fashion as Rev 5
Updated to 1 Oct 24 CCI list
Hid dashboard and new client checklist
Banner improvements and banner documentation
Added session ID to logs when available
Connection header won’t be logged any more–it’s boring
Added ability to control session termination at browser close
Upgraded to Go 1.23.
Corrected docs about updating
Parameters are nicely substituted into controls when building for display
CSF loading properly and displaying on UI
Updated CSF to 800-53 rev 5 version
Show device type on machine page
Licenses are now processed in the primary server, allowing for features implemented there to check status
Corrected command coverage calculation for automated vs interview
Added flags to installer so they’re reflected in the help
Corrected issue with parsing TOML license file dates

Benchmarks

Updated Microsoft Windows Server 2022 STIG v2r2, and marked ready.
Updated Microsoft Edge STIG v2r2, and marked ready.
Updated MS SQL Server 2016 Database STIG v3r2, and marked ready.
Updated Microsoft Windows Server 2019 STIG v3r2, and marked ready.
Updated Microsoft Windows 10 STIG v3r2, and marked ready.
Updated Microsoft Windows Server Domain Name System (DNS) STIG v2r2, and marked ready.
Updated Microsoft Windows 11 STIG v2r2, and marked ready.
Updated MS SQL Server 2016 Instance STIG v3r2, and marked ready.
Updated Cisco IOS Xe Switch NDM STIG v3r2, and marked ready.
Updated Cisco IOS Switch NDM STIG v3r2, and marked ready.
Updated Cisco IOS Router NDM STIG v3r2, and marked ready. Updated Cisco IOS Router RTR STIG v3r2, and marked ready.
Updated Cisco IOS XR Router NDM STIG v3r2, and marked ready. Updated Cisco IOS XR Router RTR STIG v3r2, and marked ready.
Updated Cisco IOS XE Router NDM STIG v3r2, and marked ready. Updated Cisco IOS XE Router RTR STIG v3r2, and marked ready.
Updated Cisco ISE NAC STIG v2r2, and marked ready. Updated Cisco ISE NDM STIG v2r2, and marked ready.
Updated Cisco NX OS Switch NDM STIG v3r2, and marked ready. Updated Cisco NX OS Switch RTR STIG v3r2, and marked ready. Cisco NX OS Switch L2S STIG v3r2 only removed checks, marked ready.
Scraped October quarterly updates and other STIG updates to 4 Nov 2024.
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v2r1
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v2r1
Updated benchmark ms_office_365_proplus_stig, updated version v3r1
Updated benchmark ms_office_365_proplus_stig, updated version v3r1
Added benchmark hycu_protege_stig, added version v1r1
Updated benchmark zos_websphere_application_server_for_tss_stig, added version v6r2
Updated benchmark zos_roscoe_for_tss_stig, added version v6r9
Updated benchmark zos_clsupersession_for_tss_stig, added version v6r14
Updated benchmark zos_websphere_application_server_for_racf_stig, added version v6r2
Updated benchmark zos_roscoe_for_racf_stig, added version v6r9
Updated benchmark zos_clsupersession_for_racf_stig, added version v6r14
Updated benchmark zos_websphere_application_server_for_acf2_stig, added version v6r2
Updated benchmark zos_roscoe_for_acf2_stig, added version v6r10
Updated benchmark web_server_srg, added version v4r2
Updated benchmark vpn, added version v3r2
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v2r1
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v2r1
Updated benchmark uem_server_srg, added version v2r2
Updated benchmark mcafee_application_control_8-x_stig, updated version v3r1
Updated benchmark traditional_security_checklist, added version v2r6
Updated benchmark tm_tippingpoint_ndm_stig, added version v2r2
Updated benchmark tm_tippingpoint_idps_stig, added version v2r2
Updated benchmark tanium_7-x_stig, updated version v2r1
Updated benchmark tanium_7-x_os_tanos_stig, updated version v2r1
Updated benchmark tanium_7-x_application_tanos_stig, updated version v2r1
Updated benchmark ss_android_os_14_kpe_3-x_cope_stig, updated version v2r1
Updated benchmark ss_android_os_14_kpe_3-x_cobo_stig, updated version v2r1
Updated benchmark ss_android_os_13_kpe_3-x_cope_stig, updated version v2r1
Updated benchmark ss_android_os_13_kpe_3-x_cobo_stig, updated version v2r1
Updated benchmark splunk_enterprise_8-x_for_linux_stig, updated version v2r1
Updated benchmark splunk_enterprise_7-x_for_windows_stig, updated version v3r1
Updated benchmark sles_15_stig, added version v2r2
Updated benchmark sles_12_stig, added version v3r1
Updated benchmark rhel_9_stig, added version v2r2
Updated benchmark rhel_8_stig, added version v2r1
Updated benchmark rh_openshift_container_platform_4-12_stig, updated version v2r1
Updated benchmark rh_ansible_automation_controller_web_server_stig, added version v2r2
Updated benchmark rgs_rke2_stig, added version v2r2
Updated benchmark rancher_mcm_stig, updated version v2r1
Updated benchmark redis_enterprise_6-x_stig, added version v2r2
Updated benchmark rb_netprofiler_stig, updated version v2r1
Updated benchmark palo_alto_networks_ndm_stig, added version v3r2
Updated benchmark palo_alto_networks_alg_stig, added version v3r2
Updated benchmark pan_prisma_cloud_compute_stig, updated version v2r1
Updated benchmark oracle_mysql_8.0_stig, added version v2r2
Updated benchmark oracle_linux_8_stig, added version v2r2
Updated benchmark oracle_linux_7_stig, added version v3r1
Updated benchmark oracle_database_12c_stig, added version v3r2
Updated benchmark network_infrastructure_policy_stig, added version v10r7
Updated benchmark netapp_ontap_dsc_9-x_stig, added version v2r2
Updated benchmark network_device_management_srg, added version v5r2
Updated benchmark ms_windows_server_2022_dns_stig, added version v2r2
Updated benchmark ms_windows_server_2022_stig, added version v2r2
Updated benchmark windows_server_2019_stig, added version v3r2
Updated benchmark windows_server_2016_stig, added version v2r9
Updated benchmark windows_paw_stig, updated version v3r1
Updated benchmark microsoft_windows_11_stig, added version v2r2
Updated benchmark ms_windows_10_stig, added version v3r2
Updated benchmark ms_sql_server_2016_instance_stig, added version v3r2
Updated benchmark ms_sql_server_2016_database_stig, added version v3r2
Updated benchmark ms_office_365_proplus_stig, updated version v3r1
Added benchmark ms_intune_mdm_service_desktop_stig, added version v1r1
Updated benchmark iis_10-0_site_stig, added version v2r10
Updated benchmark iis_10-0_server_stig, added version v3r2
Updated benchmark ms_exchange_2019_mailbox_server_stig, added version v2r2
Updated benchmark ms_edge_stig, added version v2r2
Updated benchmark ms_azure_sql_db_stig, added version v2r2
Added benchmark mongodb_enterprise_advanced_7-x_stig, added version v1r1
Updated benchmark mirantis_kubernetes_engine_stig, updated version v2r1
Updated benchmark marklogic_server_v9_stig, added version v3r2
Updated benchmark mariadb_enterprise_10-x_stig, added version v2r2
Updated benchmark mainframe_product_srg, added version v3r2
Updated benchmark kubernetes_stig, added version v2r2
Updated benchmark juniper_srx_sg_ndm_stig, added version v3r2
Updated benchmark juniper_srx_sg_alg_stig, added version v3r2
Updated benchmark juniper_router_ndm_stig, updated version v3r1
Updated benchmark juniper_ex_ndm_stig, added version v2r2
Updated benchmark juniper_ex_l2s_stig, added version v2r2
Updated benchmark jboss_eap_6-3_stig, added version v2r5
Updated benchmark jamf_pro_v10-x_emm_stig, updated version v3r1
Updated benchmark ivanti_mi_sentry_9-x_ndm_stig, added version v3r1
Added benchmark ivanti_sentry_9-x_alg_stig, added version v3r1
Updated benchmark ivanti_mi_core_mdm_server_stig, added version v3r1
Updated benchmark ivanti_connect_secure_ndm_stig, added version v2r2
Updated benchmark isec7_sphere, added version v3r1
Updated benchmark ibm_zos_tss_stig, added version v9r2
Updated benchmark ibm_zos_racf_stig, added version v9r2
Updated benchmark ibm_zos_acf2_stig, added version v9r2
Updated benchmark ibm_websphere_liberty_server_stig, added version v2r1
Updated benchmark ibm_aix_7-x_stig, added version v3r1
Updated benchmark hpe_3par_storeserv_3.3.x_stig, updated version v2r1
Updated benchmark hpe_3par_ssmc_gpos_stig, updated version v2r1
Updated benchmark google_chrome_current_windows, added version v2r10
Added benchmark google_android_15_cope_stig, added version v1r1
Added benchmark google_android_15_cobo_stig, added version v1r1
Updated benchmark google_android_13_cope_stig, updated version v2r1
Updated benchmark google_android_13_cobo_stig, updated version v2r1
Updated benchmark forescout_ndm_stig, added version v2r2
Updated benchmark fs_nac_stig, added version v2r2
Added benchmark f5_big-ip_tmos_vpn_stig, added version v1r1
Added benchmark f5_big-ip_tmos_ndm_stig, added version v1r1
Added benchmark f5_big-ip_tmos_fw_stig, added version v1r1
Added benchmark f5_big-ip_tmos_dns_stig, added version v1r1
Added benchmark f5_big-ip_tmos_alg_stig, added version v1r1
Updated benchmark evvm_endpoint_srg, added version v1r2
Updated benchmark epas_stig, updated version v2r1
Added benchmark dragos_platform_2-x_stig, added version v1r1
Updated benchmark database_generic, added version v4r2
Updated benchmark cisco_nx-os_switch_rtr_stig, added version v3r2
Updated benchmark cisco_nx-os_switch_ndm_stig, added version v3r2
Updated benchmark cisco_nx-os_switch_l2s_stig, added version v3r2
Updated benchmark cisco_ise_ndm_stig, added version v2r2
Updated benchmark cisco_ise_nac_stig, added version v2r2
Updated benchmark cisco_ios_switch_ndm_stig, added version v3r2
Updated benchmark cisco_ios_router_rtr_stig, added version v3r2
Updated benchmark cisco_ios_router_ndm_stig, added version v3r2
Updated benchmark cisco_ios-xr_router_rtr_stig, added version v3r2
Updated benchmark cisco_ios-xr_router_ndm_stig, added version v3r2
Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v3r2
Updated benchmark cisco_ios-xe_router_rtr_stig, added version v3r2
Updated benchmark cisco_ios-xe_router_ndm_stig, added version v3r2
Updated benchmark cisco_asa_vpn_stig, added version v2r2
Updated benchmark cisco_asa_ndm_stig, added version v2r2
Updated benchmark cisco_asa_ips_stig, updated version v2r1
Updated benchmark crunchy_data_postgresql_stig, updated version v3r1
Updated benchmark can_ubuntu_22-04_lts_stig, added version v2r2
Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v2r1
Updated benchmark ca_idms_stig, added version v2r1
Updated benchmark application_security_development_stig, updated version v6r1
Updated benchmark arista_mls_eos_4-2x_ndm_stig, updated version v2r1
Added benchmark apple_macos_15_stig, added version v1r1
Updated benchmark apple_macos_14_stig, added version v2r2
Added benchmark apple_ios-ipados_18_stig, added version v1r1
Updated benchmark apple_ios-ipados_17_stig, updated version v2r1
Updated benchmark apple_ios-ipados_16_cobo-cope_stig, updated version v2r1
Updated benchmark tomcat_application_server_9_stig, updated version v3r1
Updated benchmark apache_server_2-4_unix_server_stig, updated version v3r1
Updated benchmark active_directory_forest, updated version v3r1
Updated benchmark active_directory_domain, updated version v3r5
Updated benchmark mcafee_tie-dxl_stig, updated version v3r1
Updated benchmark mcafee_ens_10-x_stig, added version v3r2
Updated benchmark mcafee_ens_10-x_local_client_stig, added version v2r2
Updated benchmark ess_mcafee_agent_stig, added version v5r11
Updated benchmark hbss_rogue_sensor, added version v5r3
Updated benchmark ess_epo_5-3_5-9_stig, added version v3r2
Updated benchmark hbss_agent_handler, added version v2r4
Fixed PP on ESXi 8.0 STIG check ESXI-80-000247
VMware vSphere 8.0 vCenter Appliance PostgreSQL STIG v2r1 only removed checks, marked ready.
VMware vSphere 8.0 vCenter Appliance Envoy STIG v2r1 had no content changes, marked ready.
Updated VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) STIG, v2r1, and marked ready, closes #170
Updated VMware vSphere 8.0 vCenter Appliance Lookup Service STIG, v2r1, and marked ready, closes #171
Updated VMware vSphere 8.0 vCenter Appliance Perfcharts STIG, v2r1, and marked ready, closes #178
Updated VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG, v2r1, and marked ready, closes #179
Updated VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG, v2r1, and marked ready, closes #193
Updated VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG, v2r1, and marked ready, closes #194
Updated VMware vSphere 8.0 vCenter STIG, v2r1, and marked ready, closes #202
Updated VMware vSphere 8.0 ESXi STIG, v2r1, and marked ready, closes #210
VMware vSphere 8.0 Virtual Machine STIG v2r1 had no content changes, marked ready.
Updated VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG, v2r1, and marked ready, closes #225
Updated Trellix ENS 10.x STIG, v3r1, and marked ready, closes #218
Updated ESS ePO 5.x STIG, v3r1, and marked ready, closes #163
Updated Trellix Application Control 8.x STIG, v3r1, and marked ready, closes #216
Updated Splunk Enterprise 8.x for Linux STIG, v2r1, and marked ready.
Updated Splunk Enterprise 7.x for Windows STIG, v3r1, and marked ready, closes #201
Updated Router SRG, v5r1, and marked ready, closes #169
Updated MS SQL Server 2014 Database STIG, v1r7, and marked ready, closes #167
Updated MS SQL Server 2014 Instance STIG, v2r4, and marked ready, closes #158
MS SQL Server 2016 Database STIG, v3r1, and marked ready, closes #177
Updated MS SQL Server 2016 Instance STIG, v3r1, and marked ready, closes #149
Microsoft IIS 10.0 Server STIG v3r1 had no content changes, marked ready.
Microsoft Edge STIG v2r1 had no content changes, marked ready.
Updated Layer 2 Switch SRG, v3r1, and marked ready. closes #204
Updated license end date to match Zivaro and added benchmarks per Tod Swain 28 Oct 24 email
Updated license end date and added benchmarks per Tod Swain 28 Oct 24 email
Updated Microsoft Office 365 ProPlus STIG, v3r1, and marked ready, closes #153
Updated Microsoft Publisher 2013 STIG, v1r6, and marked ready
Updated Microsoft Project 2013 STIG, v1r5, and marked ready, closes #191 and #192
Updated Microsoft PowerPoint 2013 STIG, v1r7, and marked ready, closes #166
Updated Microsoft Office System 2013 STIG, v2r2, and marked ready, closes #165
Updated Microsoft Lync 2013 STIG, v1r5, and marked ready, closes #215
Updated Microsoft InfoPath 2013 STIG, v1r6, and marked ready, closes #186
Updated Microsoft Excel 2013 STIG, v1r8, and marked ready, closes #164
Updated Microsoft Access 2013 STIG v1r7, and marked ready, closes #222
Always produce licenses with date-only format
Updated Active Directory Forest STIG, v3r1, and marked ready, closes #224
Updated Active Directory Domain STIG, v3r5, and marked ready, closes #199
Updated Microsoft Windows 2012 Server Domain Name System STIG, v2r7, and marked ready, closes #159
Updated Microsoft Windows Server 2022 STIG, v2r1, and marked ready, closes #152
Updated Microsoft Windows Server 2019 STIG v3r1, and marked ready, closes #151
Updated Microsoft Windows 10 STIG, v3r1, and marked ready, closes #160
Updated Microsoft Windows 11 STIG, v2r1, and marked ready, closes #150
Updated Microsoft Windows PAW STIG, v3r1, and marked ready, closes #187
Cisco NX OS Switch RTR STIG v3r1 had no content changes, marked ready.
Updated Cisco NX OS Switch NDM STIG, v3r1, and marked ready, closes #203
Updated Cisco NX OS Switch L2S STIG, v3r1, and marked ready, closes #184
Updated Cisco ISE NDM STIG, v2r1, and marked ready, closes #176
Updated Cisco ISE NAC STIG, v2r1, and marked ready, closes #175
Updated Cisco IOS XR Router RTR STIG, v3r1, closes #157
Cisco IOS XR Router NDM STIG v3r1 had no content changes, marked ready.
Cisco IOS XE Switch RTR STIG v3r1 had no content changes, marked ready.
Updated Cisco IOS XE Switch NDM STIG, v3r1, and marked ready, closes #195
Updated Cisco IOS XE Switch L2S STIG, v3r1, and marked ready, closes #183
Cisco IOS XE Router RTR STIG v3r1 had no content changes, marked ready.
Updated Cisco IOS XE Router NDM STIG, v3r1, and marked ready, closes #196
Cisco IOS Switch RTR STIG v3r1 had no content changes, marked ready.
Updated Cisco IOS Switch NDM STIG, v3r1, and marked ready, closes #190
Updated Cisco IOS Switch L2S STIG, v3r1, and marked ready, closes #182
Updated Cisco IOS Router RTR STIG, v3r1, and marked ready, closes #156
Updated Cisco IOS Router NDM STIG, v3r1, and marked ready, closes #189
Cisco ASA VPN STIG v2r1 had no content changes, marked ready.
Updated Cisco ASA NDM STIG v2r1, and marked ready, closes #162
Updated Cisco ASA IPS STIG, v2r1, and marked ready, closes #181
Updated Cisco ASA Firewall STIG, v2r1, and marked ready, closes #180
Reverted WinXP powershell commands to wmic.
RHEL 7 UPDATE
ORACLE DATABASE 11.2G
ORACLE DATABASE 11.2
Added Windows DNS 2022 stig per William Boutu
Added Windows DNS 2022 stig per Alexander Cushman
Added Windows DNS 2022 stig per Alexander Cushman
Added Windows DNS 2022 STIG per Alexander Cushman
Imported DISA updates from Jul through 26 Sep 2024.
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v2r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v2r1
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v2r1
Updated benchmark vmw_vsphere_7-0_virtual_machine_stig, updated version v1r3
Updated benchmark vmw_vsphere_7-0_vcenter_stig, updated version v1r3
Updated benchmark vmw_vsphere_7-0_vca_ui_stig, updated version v1r2
Updated benchmark vmw_vsphere_7-0_vca_sts_stig, updated version v1r2
Updated benchmark vmw_vsphere_7-0_vca_rhttpproxy_stig, updated version v1r1
Updated benchmark vmw_vsphere_7-0_vca_postgresql_stig, updated version v1r2
Updated benchmark vmw_vsphere_7-0_vca_photon_os_stig, updated version v1r3
Updated benchmark vmw_vsphere_7-0_vca_perfcharts_stig, updated version v1r1
Updated benchmark vmw_vsphere_7-0_vca_lookup_svc_stig, updated version v1r2
Updated benchmark vmw_vsphere_7-0_vca_eam_stig, updated version v1r2
Updated benchmark vmw_vsphere_7-0_vami_stig, updated version v1r2
Updated benchmark vmw_vsphere_7-0_esxi_stig, updated version v1r2
Updated benchmark vmw_nsx-t_t1_gateway_rtr_stig, updated version v1r1
Updated benchmark vmw_nsx-t_t1_gateway_fw_stig, updated version v1r3
Updated benchmark vmw_nsx-t_t-0_rtr_stig, updated version v1r2
Updated benchmark vmw_nsx-t_t-0_gateway_fw_stig, updated version v1r3
Updated benchmark vmware_nsx-t_sdn_controller_stig, updated version v1r1
Updated benchmark vmw_nsx-t_manager_ndm_stig, updated version v1r3
Updated benchmark vmware_nsx-t_distributed_fw_stig, updated version v1r3
Updated benchmark traditional_security_checklist, updated version v2r5
Updated benchmark tanium_7.3_stig, updated version v2r2
Updated benchmark tanium_7.0_stig, updated version v1r2
Updated benchmark symantec_proxysg_ndm_stig, updated version v1r2
Updated benchmark symantec_proxysg_alg_stig, updated version v1r3
Updated benchmark san, updated version v2r4
Updated benchmark samsung_sds_emm_stig, updated version v1r3
Updated benchmark spec_innovations_innoslate_4.x_stig, updated version v1r1
Updated benchmark sles_12_stig, updated version v2r13
Updated benchmark sel-2740s_ndm_stig, updated version v1r1
Updated benchmark sel-2740s_l2s_stig, updated version v1r1
Updated benchmark sdn_nv_stig, updated version v1r1
Updated benchmark oracle_weblogic_server_12c_stig, updated version v2r1
Updated benchmark oracle_linux_7_stig, updated version v2r14
Updated benchmark oracle_http_server_12-1-3_stig, updated version v2r2
Updated benchmark network_wlan_controller_platform_stig, updated version v7r3
Updated benchmark network_wlan_controller_mgmt_stig, updated version v7r2
Updated benchmark network_wlan_bridge_platform_stig, updated version v7r2
Updated benchmark network_wlan_bridge_mgmt_stig, updated version v7r2
Updated benchmark network_wlan_ap-nipr_platform_stig, updated version v7r3
Updated benchmark network_wlan_ap-nipr_mgmt_stig, updated version v7r2
Updated benchmark network_wlan_ap-ig_platform_stig, updated version v7r3
Updated benchmark network_wlan_ap-ig_mgmt_stig, updated version v7r2
Updated benchmark network_infrastructure_policy_stig, updated version v10r6
Updated benchmark multi-function_device, updated version v2r14
Updated benchmark windows_firewall_with_advanced_security, updated version v2r2
Updated benchmark microsoft_sharepoint_designer_2013, updated version v1r3
Updated benchmark microsoft_sharepoint_server_2013, updated version v2r3
Updated benchmark ms_scom_stig, updated version v1r1
Updated benchmark microsoft_publisher_2016, updated version v1r3
Updated benchmark microsoft_outlook_2016, updated version v2r3
Updated benchmark microsoft_onedrive, updated version v2r3
Updated benchmark ie_11_stig, updated version v2r5
Updated benchmark ms_exchange_2016_mailbox_server_stig, updated version v2r6
Updated benchmark ms_exchange_2016_edge_transport_server_stig, updated version v2r5
Updated benchmark ms_defender_antivirus, updated version v2r4
Updated benchmark moz_firefox_stig, updated version v6r5
Updated benchmark mobileiron_core_v10-x_mdm_stig, updated version v1r1
Updated benchmark microsoft_word_2016, updated version v1r1
Updated benchmark microsoft_visio_2016, updated version v1r1
Updated benchmark microsoft_skype_for_business_2016, updated version v1r1
Updated benchmark microsoft_project_2016, updated version v1r1
Updated benchmark microsoft_powerpoint_2016, updated version v1r1
Updated benchmark microsoft_onenote_2016, updated version v1r2
Updated benchmark microsoft_access_2016, updated version v1r1
Updated benchmark ibm_zvm_ca_vmsecure_stig, updated version v2r2
Updated benchmark ibm_websphere_traditional_v9-x_stig, updated version v1r1
Updated benchmark ibm_websphere_liberty_server_stig, updated version v1r2
Updated benchmark ibm_maas360_with_watson_v10.x_mdm_stig, updated version v1r2
Updated benchmark ibm_db2_v10-5_luw_stig, updated version v2r1
Updated benchmark ibm_datapower_ndm_stig, updated version v1r2
Updated benchmark ibm_datapower_alg_stig, updated version v1r1
Updated benchmark ibm_aspera_platform_4-2_stig, updated version v1r2
Updated benchmark ibm_aix_7-x_stig, updated version v2r9
Updated benchmark hycu_for_nutanix_stig, updated version v1r1
Updated benchmark hpe_3par_storeserv_3.2.x_stig, updated version v2r1
Updated benchmark hp_flexfabric_switch_rtr_stig, updated version v1r2
Updated benchmark hp_flexfabric_switch_ndm_stig, updated version v1r3
Updated benchmark hp_flexfabric_switch_l2s_stig, updated version v1r3
Updated benchmark google_chrome_current_windows, updated version v2r9
Updated benchmark fn_fortigate_firewall_stig, updated version v1r3
Updated benchmark fn_fortigate_firewall_ndm_stig, updated version v1r4
Updated benchmark citrix_xendesktop_7-x_windows_vda_stig, updated version v1r2
Updated benchmark citrix_xendesktop_storefront_stig, updated version v1r1
Updated benchmark citrix_xendesktop_7-x_receiver_stig, updated version v1r1
Updated benchmark citrix_xendesktop_license_server_stig, updated version v1r3
Updated benchmark citrix_xendesktop_delivery_controller_stig, updated version v1r3
Updated benchmark citrix_vad_7-x_workspace_app_stig, updated version v1r2
Updated benchmark citrix_vad_7x_windows_vda_stig, updated version v1r1
Updated benchmark citrix_vad_7-x_storefront_stig, updated version v1r1
Updated benchmark citrix_vad_7-x_linux_vda_stig, updated version v1r1
Updated benchmark citrix_vad_7-x_license_server_stig, updated version v1r1
Updated benchmark citrix_vad_7-x_delivery_controller_stig, updated version v1r2
Updated benchmark ca_idms_stig, updated version v1r2
Updated benchmark bems_3-x_stig, updated version v1r2
Updated benchmark bems_2-x_stig, updated version v1r3
Updated benchmark bb_uem_mdm_stig, updated version v2r1
Updated benchmark bb_cylanceprotect_mobile_for_uem_stig, updated version v1r2
Updated benchmark avepoint_docave_6_stig, updated version v1r2
Updated benchmark apple_ios-ipados_16_mdfpp_3-3_byoad_stig, updated version v1r1
Updated benchmark apple_ios-ipados_16_byoad_stig, updated version v1r1
Updated benchmark apache_site_2.2_windows, updated version v1r13
Updated benchmark apache_server_2.2_windows, updated version v1r13
Updated benchmark apache_site_2.2_unix, updated version v1r11
Updated benchmark apache_server_2.2_unix, updated version v1r11
Updated benchmark avepoint_compliance_guardian_stig, updated version v1r1
Updated benchmark akamai_ksd_service_il2_ndm_stig, updated version v1r1
Updated benchmark akamai_ksd_service_il2_alg_stig, updated version v1r1
Updated benchmark adobe_acrobat_reader_dc_continuous_track_stig, updated version v2r1
Updated benchmark adobe_acrobat_pro_dc_continuous_stig, updated version v2r1
Updated benchmark active_directory_forest, updated version v2r8
Updated benchmark active_directory_domain, updated version v3r4
Updated benchmark rel_in-country_lan_stig, updated version v2r2
Updated benchmark rel_embedded_lan_stig, updated version v2r2
Updated benchmark dod internet-niprnet_dmz_technology_policy_stig, updated version v3r5
Updated benchmark dod_internet-niprnet_dmz_technology_device_stig, updated version v3r5
Updated benchmark backbone_transport_services_policy_stig, updated version v3r1
Updated benchmark mcafee_tie-dxl_stig, added version v3r1
Updated benchmark mcafee_ens_10-x_stig, added version v3r1
Updated benchmark mcafee_ens_10-x_local_client_stig, added version v2r1
Updated benchmark joint_regional_security_stack_stig, updated version v2r3
Updated benchmark ess_mcafee_agent_stig, updated version v5r10
Updated benchmark hbss_staging_server, updated version v5r1
Updated benchmark hbss_rogue_sensor, updated version v5r2
Updated benchmark hbss_-_remote_console, updated version v5r2
Updated benchmark hbss_policyauditor, updated version v5r1
Updated benchmark ess_epo_5-3_5-9_stig, added version v3r1
Updated benchmark hbss_agent_handler, updated version v2r3
Updated benchmark google_android_13_cope_stig, added version v2r1
Updated benchmark google_android_13_cobo_stig, added version v2r1
Added benchmark cd_postgres_16_stig, added version v1r1
Updated benchmark splunk_enterprise_7-x_for_windows_stig, added version v3r1
Updated benchmark crunchy_data_postgresql_stig, added version v3r1
Updated benchmark ss_android_11_knox_3-x_legacy_stig, added version v1r2
Updated benchmark ss_android_11_knox_3-x_ae_stig, added version v1r2
Added benchmark cloud_computing_mission_owner_os_srg, added version v1r1
Updated benchmark cloud_computing_mission_owner_srg, added version v1r1
Updated benchmark apple_ios-ipados_16_cobo-cope_stig, added version v2r1
Updated benchmark ss_android_os_14_kpe_3-x_cope_stig, added version v2r1
Updated benchmark ss_android_os_14_kpe_3-x_cobo_stig, added version v2r1
Updated benchmark arista_mls_eos_4-2x_router_stig, added version v2r1
Updated benchmark arista_mls_eos_4-2x_ndm_stig, added version v2r1
Updated benchmark arista_mls_eos_4-2x_l2s_stig, added version v2r1
Updated benchmark container_platform_srg, added version v2r1
Updated benchmark kubernetes_stig, added version v2r1
Updated benchmark cisco_ise_ndm_stig, added version v2r1
Updated benchmark cisco_ise_nac_stig, added version v2r1
Updated benchmark apple_ios-ipados_17_stig, added version v2r1
Updated benchmark google_android_14_cope_stig, added version v2r1
Updated benchmark google_android_14_cobo_stig, added version v2r1
Updated benchmark ivanti_mi_core_mdm_server_stig, added version v2r1
Updated benchmark jamf_pro_v10-x_emm_stig, added version v3r1
Updated benchmark ms_exchange_2019_mailbox_server_stig, added version v2r1
Updated benchmark ms_exchange_2019_edge_server_stig, added version v2r1
Updated benchmark apple_macos_14_stig, added version v2r1
Updated benchmark cisco_ios_xe_switch_rtr_stig, added version v3r1
Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v3r1
Updated benchmark cisco_ios_xe_switch_l2s_stig, added version v3r1
Updated benchmark ibm_zos_tss_stig, added version v9r1
Updated benchmark ibm_zos_racf_stig, added version v9r1
Updated benchmark ibm_zos_acf2_stig, added version v9r1
Updated benchmark tanium_7-x_os_tanos_stig, added version v2r1
Updated benchmark tanium_7-x_application_tanos_stig, added version v2r1
Updated benchmark ivanti_mi_sentry_9-x_ndm_stig, added version v2r1
Updated benchmark ivanti_mi_sentry_9-x_alg_stig, added version v2r1
Updated benchmark tm_tippingpoint_ndm_stig, added version v2r1
Updated benchmark tm_tippingpoint_idps_stig, added version v2r1
Updated benchmark ss_android_12_kpe_3-x_cope_stig, added version v1r3
Updated benchmark ss_android_12_kpe_3-x_cobo_stig, added version v1r3
Updated benchmark cisco_ios_switch_rtr_stig, added version v3r1
Updated benchmark cisco_ios_switch_ndm_stig, added version v3r1
Updated benchmark cisco_ios_switch_l2s_stig, added version v3r1
Updated benchmark tanium_7-x_stig, added version v2r1
Updated benchmark cisco_nx-os_switch_rtr_stig, added version v3r1
Updated benchmark cisco_nx-os_switch_ndm_stig, added version v3r1
Updated benchmark cisco_nx-os_switch_l2s_stig, added version v3r1
Updated benchmark google_android_12_cope_stig, added version v1r2
Updated benchmark google_android_12_cobo_stig, added version v1r2
Updated benchmark cisco_ios-xe_router_rtr_stig, added version v3r1
Updated benchmark cisco_ios-xe_router_ndm_stig, added version v3r1
Updated benchmark mirantis_kubernetes_engine_stig, added version v2r1
Updated benchmark cisco_ios_router_rtr_stig, added version v3r1
Updated benchmark cisco_ios_router_ndm_stig, added version v3r1
Updated benchmark rhel_9_stig, added version v2r1
Updated benchmark can_ubuntu_22-04_lts_stig, added version v2r1
Updated benchmark ms_edge_stig, added version v2r1
Updated benchmark mariadb_enterprise_10-x_stig, added version v2r1
Updated benchmark ibm_hmc_stig, added version v2r1
Updated benchmark ibm_hardware_management_console_policies, updated version v2r1
Updated benchmark ms_windows_server_2022_stig, added version v2r1
Updated benchmark postgresql_9-x_stig, added version v2r5
Updated benchmark oracle_mysql_8.0_stig, added version v2r1
Updated benchmark hpe_nimble_storage_array_ndm_stig, added version v2r1
Updated benchmark apache_server_2-4_windows_site_stig, updated version v2r1
Updated benchmark apache_server_2-4_windows_server_stig, added version v3r1
Updated benchmark ms_exchange_2013_mailbox_stig, added version v2r3
Updated benchmark ms_exchange_2013_edge_stig, added version v1r6
Updated benchmark ms_exchange_2013_cas_stig, added version v2r2
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, added version v2r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, added version v2r1
Updated benchmark vmw_vsphere_8.0_virtual_machine_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_vami_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_ui_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_sts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_envoy_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcsa_eam_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_vcenter_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, updated version v1r1
Updated benchmark vmw_vsphere_8-0_esxi_stig, added version v2r1
Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v2r1
Updated benchmark docker_enterprise_2-x_linux-unix_stig, added version v2r2
Updated benchmark oracle_database_11-2g_stig, added version v2r5
Updated benchmark rh_openshift_container_platform_4-12_stig, added version v2r1
Updated benchmark ss_android_os_13_kpe_3-x_cope_stig, added version v2r1
Updated benchmark ss_android_os_13_kpe_3-x_cobo_stig, added version v2r1
Updated benchmark cisco_ios-xr_router_rtr_stig, added version v3r1
Updated benchmark cisco_ios-xr_router_ndm_stig, added version v3r1
Updated benchmark pan_prisma_cloud_compute_stig, added version v2r1
Updated benchmark apple_macos_12_stig, added version v1r9
Updated benchmark mot_solutions_android_11_cobo_stig, added version v1r3
Added benchmark vmw_nsx_4-x_tier1_gw_rtr_stig, added version v1r1
Added benchmark vmw_nsx_4-x_tier1_gw_fw_stig, added version v1r1
Added benchmark vmw_nsx_4-x_tier0_gw_rtr_stig, added version v1r1
Added benchmark vmw_nsx_4-x_tier0_gw_fw_stig, added version v1r1
Added benchmark vmw_nsx_4-x_manager_ndm_stig, added version v1r1
Added benchmark vmw_nsx_4-x_distributed_fw_stig, added version v1r1
Updated benchmark oracle_database_12c_stig, added version v3r1
Updated benchmark rh_ansible_automation_controller_web_server_stig, added version v2r1
Updated benchmark rh_ansible_automation_controller_app_server_stig, added version v2r1
Updated benchmark rb_netprofiler_stig, added version v2r1
Updated benchmark uem_server_srg, added version v2r1
Updated benchmark uem_agent_srg, updated version v1r1
Updated benchmark toss_4_stig, added version v2r1
Updated benchmark epas_stig, added version v2r1
Updated benchmark ms_windows_10_stig, added version v3r1
Updated benchmark arista_dcs-7000_series_rtr_stig, added version v1r4
Updated benchmark arista_dcs-7000_series_ndm_stig, added version v1r4
Updated benchmark arista_dcs-7000_series_l2s_stig, updated version v1r3
Updated benchmark rancher_mcm_stig, added version v2r1
Updated benchmark ms_office_365_proplus_stig, added version v3r1
Updated benchmark dns_srg, added version v4r1
Updated benchmark iis_10-0_site_stig, updated version v2r9
Updated benchmark iis_10-0_server_stig, added version v3r1
Updated benchmark microsoft_project_2010, added version v1r10
Updated benchmark edb_postgres_advanced_server_v11_on_windows_stig, added version v2r4
Updated benchmark ms_sql_server_2014_instance_stig, added version v2r4
Updated benchmark ms_sql_server_2014_database_stig, added version v1r7
Updated benchmark hpe_3par_storeserv_3.3.x_stig, added version v2r1
Updated benchmark hpe_3par_ssmc_ws_stig, added version v2r1
Updated benchmark hpe_3par_ssmc_gpos_stig, added version v2r1
Updated benchmark forescout_counteract_ndm_stig, added version v1r2
Updated benchmark ibm_mq_appliance_v9-0_ndm_stig, added version v1r2
Updated benchmark ibm_mq_appliance_v9-0_as_stig, added version v1r2
Updated benchmark db_networks_dbn_6300_ndm_stig, added version v1r2
Updated benchmark db_networks_dbn_6300_idps_stig, added version v1r2
Updated benchmark juniper_srx_sg_vpn_stig, added version v3r1
Updated benchmark juniper_srx_sg_ndm_stig, added version v3r1
Updated benchmark juniper_srx_sg_idps_stig, added version v2r1
Updated benchmark juniper_srx_sg_alg_stig, added version v3r1
Updated benchmark palo_alto_networks_ndm_stig, added version v3r1
Updated benchmark palo_alto_networks_idps_stig, added version v3r1
Updated benchmark palo_alto_networks_alg_stig, added version v3r1
Updated benchmark microsoft_word_2013, added version v1r7
Updated benchmark juniper_router_rtr_stig, added version v3r1
Updated benchmark juniper_router_ndm_stig, added version v3r1
Updated benchmark forescout_ndm_stig, added version v2r1
Updated benchmark fs_nac_stig, added version v2r1
Updated benchmark vmm, added version v2r1
Updated benchmark ca_api_gateway_ndm_stig, added version v1r2
Updated benchmark ca_api_gateway_alg_stig, added version v1r3
Updated benchmark windows_server_2019_stig, added version v3r1
Updated benchmark microsoft_access_2013, added version v1r7
Updated benchmark microsoft_infopath_2010, added version v1r12
Updated benchmark forescout_counteract_alg_stig, added version v1r3
Updated benchmark layer_2_switch_srg, added version v3r1
Updated benchmark microsoft_publisher_2010, added version v1r12
Updated benchmark windows_paw_stig, added version v3r1
Updated benchmark redis_enterprise_6-x_stig, added version v2r1
Updated benchmark vpn, added version v3r1
Updated benchmark microsoft_windows_11_stig, added version v2r1
Updated benchmark mongodb_enterprise_advanced_4-x_stig, added version v1r4
Updated benchmark ms_sql_server_2016_instance_stig, added version v3r1
Updated benchmark ms_sql_server_2016_database_stig, added version v3r1
Updated benchmark application_security_development_stig, added version v6r1
Updated benchmark microsoft_powerpoint_2010, added version v1r11
Updated benchmark netapp_ontap_dsc_9-x_stig, added version v2r1
Updated benchmark microsoft_access_2010, added version v1r11
Updated benchmark rhel_7_stig, added version v3r15
Updated benchmark ms_azure_sql_db_stig, added version v2r1
Updated benchmark active_directory_forest, added version v3r1
Updated benchmark microsoft_visio_2013, added version v1r5
Updated benchmark microsoft_windows_2012_server_domain_name_system_stig, added version v2r7
Updated benchmark router_srg, added version v5r1
Updated benchmark mongodb_3-x_stig, added version v2r3
Updated benchmark microsoft_office_system_2010, added version v1r13
Added benchmark aaa_services, added version v2r1
Updated benchmark web_server_srg, added version v4r1
Updated benchmark microsoft_publisher_2013, added version v1r6
Updated benchmark mcafee_application_control_8-x_stig, added version v3r1
Updated benchmark marklogic_server_v9_stig, added version v3r1
Updated benchmark rgs_rke2_stig, added version v2r1
Updated benchmark sles_15_stig, added version v2r1
Updated benchmark juniper_ex_rtr_stig, added version v2r1
Updated benchmark juniper_ex_ndm_stig, added version v2r1
Updated benchmark juniper_ex_l2s_stig, added version v2r1
Updated benchmark central_log_server_srg, added version v3r1
Updated benchmark microsoft_office_system_2013, added version v2r2
Updated benchmark microsoft_word_2010, added version v1r12
Updated benchmark sdn_controller_srg, added version v2r1
Updated benchmark microsoft_infopath_2013, added version v1r6
Updated benchmark active_directory_domain, added version v3r5
Updated benchmark riverbed_steelhead_cx_v8_ndm_stig, added version v1r3
Updated benchmark riverbed_steelhead_cx_v8_alg_stig, added version v1r2
Updated benchmark microsoft_lync_2013, added version v1r5
Updated benchmark idps_srg, added version v3r1
Updated benchmark can_ubuntu_18-04_stig, added version v2r15
Updated benchmark database_generic, added version v4r1
Updated benchmark a10_networks_adc_ndm_stig, added version v1r2
Updated benchmark a10_networks_adc_alg_stig, added version v2r2
Updated benchmark application_layer_gateway_srg, added version v2r1
Updated benchmark firewall_srg, added version v3r1
Updated benchmark microsoft_excel_2013, added version v1r8
Updated benchmark cisco_asa_vpn_stig, added version v2r1
Updated benchmark cisco_asa_ndm_stig, added version v2r1
Updated benchmark cisco_asa_ips_stig, added version v2r1
Updated benchmark cisco_asa_fw_stig, added version v2r1
Updated benchmark application_server_srg, added version v4r1
Updated benchmark ms_windows_server_2022_dns_stig, added version v2r1
Updated benchmark microsoft_project_2013, added version v1r5
Updated benchmark microsoft_powerpoint_2013, added version v1r7
Updated benchmark general_purpose_operating_system, added version v3r1
Updated benchmark network_device_management_srg, added version v5r1
Updated benchmark solaris_11_sparc_stig, added version v3r1
Updated benchmark ivanti_connect_secure_vpn_stig, added version v2r1
Updated benchmark ivanti_connect_secure_ndm_stig, added version v2r1
Added benchmark slem_5_stig, added version v1r1
Updated benchmark ms_android_11_cope_stig, added version v1r2
Updated benchmark ms_android_11_cobo_stig, added version v1r2
Updated benchmark apache_server_2-4_unix_server_stig, added version v3r1
Updated benchmark oracle_linux_8_stig, added version v2r1
Updated benchmark tomcat_application_server_9_stig, added version v3r1
Updated benchmark solaris_11_x86_stig, added version v3r1
Updated benchmark mainframe_product_srg, added version v3r1
Updated benchmark vmware_workspace_one_uem_stig, added version v2r2
Updated benchmark nutanix_aos_5-20-x_os_stig, added version v1r2
Updated benchmark nutanix_aos_5-20-x_application_stig, added version v1r2
Added Solaris 10 SPARC and Oracle 11.2g and revised ms window 10/microsoft onedrive stig names
Cleaned up issues from SQL Server 2012 Merges.
Merged duplicate SQL Server 2012 STIGs.
SOLARIS 10

v2024.10.3 (2024-10-24)

Fixes

Added eMASS control summary tables to CRA
Family control rollup on control rating spreadsheet now uses all controls, not base controls
Correctly pass connection security status to Django in both HTTP and HTTPS modes

Benchmark

Reverted WinXP powershell commands to wmic.

v2024.10.2 (2024-10-22)

Fixes

For HTTP_ONLY servers, ensure all cookies are sent without the Secure attribute. Should fix CSRF issues.

v2024.10.1 (2024-10-11)

Small release. We have RMF rev 5 STIGs imported, but still not included in this release while we test the swap from Rev4 to Rev5.

Benchmarks

Work on Solaris 10 SPARC and Oracle 11.2g
Revised MS Windows 10 and One Drive STIG names

v2024.09.1 (2024-09-26)

Features

Several configuration items have been added:
- Added ability to control session termination at browser close, commit without CCI changes
- Added session ID to logs when available
- Added session length configuration settings and documentation
- Added basic DoD-style banner to Xylok, see configuration documentation for details
Show device type on machine page
Added a Risk Assessment helper, intended for helping update Control risks within eMASS directly (rather than only through the POAM)
Add POAM Helpers at CCI and control level
Added eMASS count helper for quick comparisons to eMASS’s control status

Fixes

Connection header won’t be logged any more
Corrected docs about updating
Use correct redirect code for some items
Hid dashboard and new client checklist
Corrected display of Cat Is vs Cat IIIs on CCI rater related data and similar locations
Skip adding blank mitigations to controls

Benchmarks

Updated SOLARIS 10 SPARC

v2024.08.1 (2024-08-06)

Warning: CentOS 7 is now EOM and RHEL 7 has only ELS available. We will stop intentionally supporting them soon. (https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/rhel-7-end-of-maintenance)

Features

Moved to a true executable wrapper around installer, rather than the BASH+tar wrapper. This setup seems to avoid the NIPR block that was preventing downloads of the installer before, plus allows for better command line parsing and easier changes in the future.
Added “POA&M Helper” worksheet to SAR that should make it easier to update risk ratings within eMASS.
Added “ALLOWED_DOMAINS” setting to configuration to allow users to restrict the domains the server may be accessed via. See Server Admin-Configuration docs for details.
Added “HTTP_ONLY” setting to configuration to allow users to make Xylok listen only via HTTP. Primarily intended for use behind a reverse proxy which is already terminating HTTPS. See Server Admin-Configuration docs for details.

Fixes

Overlays now mark removed controls as N/A, rather than fully tailoring them out of the baseline.
CRA now correctly reports number of inherited controls based on realized inheritance, rather than just the count of “possible” inherited CCIs.
Send all download files with the proper filename. Fixes issue with CKL files being given an XML extension
Corrected diagram width error in reports
Re-enabled installation tests for Rocky 8, Rocky 9, Fedora 40, and various LTS Ubuntus
Blocked known crawler user agents by returning no content and a 403 error code
Handle Podman warnings better in Xylok manager, skipping warning lines when attempting to parse JSON output.

Benchmarks

Added commands for Windows Server 2022 DNS
Corrected related PP on Windows 11 STIG.
Updated IE 11 check DTBI9999-IE11 to check for IE disabling.
Updates to RHEL 8 and 9 benchmarks

v2024.07.1 (2024-07-06)

Fixes

Handle Podman read-only file system changes changes. Fixes issues with Podman 4.7+, closes #97
Allow IP address certificates and increased header logging for requests. Progress on #96 for TLS issues to provide more debugging information
Allow certificate generation for any domain, not just one with ‘xylok’ in it
Fixed some classification markings on report
Fixed document usage in reports
Sorted related data for CCI ratings to put Cat Is on top
Fixed several bugs with CCI rater updating

v2024.06.1 (2024-06-11)

Features

The server now features ACME (Let’s Encrypt) support, allowing the server to automatically generate certificates. In addition, for servers with no Internet connection, automatic certificates can be generated for any domain used to access the server.
- For users, if you have trusted the Xylok CA certificate in your browser(s) in the past you will need to repeat that process. Download your local CA from your local /docs/ page.
- If you want to use Let’s Encrypt, see the updated documentation on the HTTPS.

Fixes

Corrected loading features from core server
Updated documentation to reflect that Docker is preferred on RHEL/CentOS 7
Stop generating local certs using the script
Changed Docker healthcheck to not break with new TLS provider
Always use CertMagic-based server
Spread context-based logging throughout tools
Added more logging around failing post-processing format requests
Use ‘mark results as’ setting for report overall markings, not ‘is classified’ checkbox. Fixes #5
Only say SUT one time in the reporting tools section of the report. Fixes #24
Allow scan page to work with numeric impact levels, displaying them correctly. Fixes #45
Show the control title on the control detail page, closes #28
If there are no overlays for a control, don’t display an empty row in the table
Allow downloads are marked as downloads now. Closes #38
Added documentation for advanced collector encryption of passwords
Upgraded Go version
Return error when internal proxy requests fail

Benchmarks

Updated PP on Windows 11 Checks Closes #84 Closes #85
RHEL 9 Bug Fixes and STIG Updates
Updated matching software and OS tags on Adobe Acrobat Pro XI STIG.
Tombstoned Adobe Acrobat Pro DC STIG (v1r0.1-draft).
Fixed OS tags for Adobe Acrobat Pro DC Continuous STIG.
Updated matching software list for Adobe Acrobat Pro DC Classic STIG.
Updated matching software list for Adobe Acrobat Reader DC Classic Track STIG.
Corrected OS tags on Adobe Acrobat Reader DC Continuous Track STIG.
Added PP to Apache Server 2.4 UNIX Server STIG v2r7.
Updated Cisco IOS XE Switch NDM STIG v2r9.
Updated Cisco IOS Switch NDM STIG v2r9.
Updated Trellix ENS 10.x STIG v2r14.
Updated VMware vSphere 7.0 vCenter Appliance Photon OS STIG v1r3.
Updated Active Directory Domain STIG v3r4.
Updated Microsoft Office System 2016 STIG v2r3.
Updated Microsoft Excel 2016 STIG v2r1.
Updated Microsoft SQL Server 2016 Database STIG v2r9.
FMC Custom STIG
Updated Microsoft Office 365 ProPlus STIG v2r12.
Updated Microsoft DotNet Framework 4.0 STIG v2r4.
Updated Microsoft Edge STIG v1r8.
Updated Microsoft SQL Server 2016 Instance STIG v2r12.
Updated Microsoft Windows Server 2016 STIG v2r8.
Updated Microsoft Windows Server 2019 STIG v2r9.
Updated Microsoft Windows Server 2022 STIG v1r5.
Updated Microsoft Windows 10 STIG v2r9 Updated Microsoft Windows 11 STIG v1r6
Imported DISA STIG updates from early May 2024.
Updated benchmark ms_windows_server_2022_stig, added version v1r5
Updated benchmark bind_9-x_stig, added version v2r3
Updated benchmark microsoft_windows_11_stig, added version v1r6
Updated benchmark ms_windows_10_stig, added version v2r9
Updated benchmark dns_srg, added version v3r2
Updated benchmark microsoft_windows_2012_server_domain_name_system_stig, added version v2r6
Updated benchmark windows_server_2016_stig, added version v2r8
Updated benchmark active_directory_domain, added version v3r4
Updated benchmark windows_server_2019_stig, added version v2r9
Imported DISA STIG updates from Apr 2024, including CUI STIGs.
Updated benchmark mcafee_ens_10-x_stig, added version v2r14
Updated benchmark zos_webspheremq_for_tss_stig, updated version v6r4
Updated benchmark zos_websphere_application_server_for_tss_stig, updated version v6r1
Updated benchmark zos_tdmf_for_tss_stig, updated version v6r4
Updated benchmark zos_tadz_for_tss_stig, updated version v6r7
Updated benchmark zos_srraudit_for_tss_stig, updated version v6r5
Updated benchmark zos_roscoe_for_tss_stig, updated version v6r8
Updated benchmark zos_quest_nc-pass_for_tss_stig, updated version v6r3
Updated benchmark zos_netview_for_tss_stig, updated version v6r9
Updated benchmark zos_ibm_system_display_and_search_facility_for_tss_stig, updated version v6r10
Updated benchmark zos_ibm_health_checker_for_tss, updated version v6r3
Updated benchmark zos_ibm_cics_transaction_server_for_tss, updated version v6r9
Updated benchmark zos_hcd_for_tss_stig, updated version v6r4
Updated benchmark zos_fep_for_tss, updated version v6r1
Updated benchmark zos_fdr_for_tss_stig, updated version v6r2
Updated benchmark zos_cssmtp_for_tss_stig, updated version v6r6
Updated benchmark zos_compuware_abend-aid_for_tss, updated version v6r7
Updated benchmark zos_clsupersession_for_tss_stig, added version v6r13
Updated benchmark zos_catalog_solutions_for_tss_stig, updated version v6r5
Updated benchmark zos_ca_1_tape_management_for_tss_stig, updated version v6r10
Updated benchmark zos_ca_vtape_for_tss_stig, updated version v6r5
Updated benchmark zos_ca_mim_for_tss_stig, updated version v6r4
Updated benchmark zos_ca_mics_for_tss_stig, updated version v6r5
Updated benchmark zos_ca_common_services_for_tss_stig, updated version v6r2
Updated benchmark zos_ca_auditor_for_tss_stig, updated version v6r4
Updated benchmark zos_bmc_mainview_for_zos_for_tss_stig, updated version v6r8
Updated benchmark zos_bmc_ioa_for_tss_stig, updated version v6r8
Updated benchmark zos_bmc_control-o_for_tss_stig, updated version v6r8
Updated benchmark zos_bmc_control-m_restart_for_tss_stig, updated version v6r6
Updated benchmark zos_bmc_control-m_for_tss_stig, updated version v6r10
Updated benchmark zos_bmc_control-d_for_tss_stig, updated version v6r8
Updated benchmark zos_webspheremq_for_racf_stig, updated version v6r4
Updated benchmark zos_websphere_application_server_for_racf_stig, updated version v6r1
Updated benchmark zos_vss_for_racf_stig, updated version v6r8
Updated benchmark zos_tdmf_for_racf_stig, updated version v6r4
Updated benchmark zos_tadz_for_racf_stig, updated version v6r7
Updated benchmark zos_srraudit_for_racf_stig, updated version v6r5
Updated benchmark zos_roscoe_for_racf_stig, updated version v6r8
Updated benchmark zos_quest_nc-pass_for_racf_stig, updated version v6r3
Updated benchmark zos_netview_for_racf_stig, updated version v6r9
Updated benchmark zos_ibm_system_display_and_search_facility_for_racf_stig, updated version v6r10
Updated benchmark zos_ibm_health_checker_for_racf, updated version v6r3
Updated benchmark zos_ibm_cics_transaction_server_for_racf, updated version v6r9
Updated benchmark zos_hcd_for_racf_stig, updated version v6r4
Updated benchmark zos_fep_for_racf_stig, updated version v6r1
Updated benchmark zos_fdr_for_racf_stig, updated version v6r2
Updated benchmark zos_cssmtp_for_racf_stig, updated version v6r6
Updated benchmark zos_compuware_abend-aid_for_racf, updated version v6r7
Updated benchmark zos_clsupersession_for_racf_stig, added version v6r13
Updated benchmark zos_catalog_solutions_for_racf_stig, updated version v6r5
Updated benchmark zos_ca_1_tape_management_for_racf_stig, updated version v6r10
Updated benchmark zos_ca_vtape_for_racf_stig, updated version v6r5
Updated benchmark zos_ca_mim_for_racf_stig, updated version v6r4
Updated benchmark zos_ca_mics_for_racf_stig, updated version v6r5
Updated benchmark zos_ca_common_services_for_racf_stig, updated version v6r3
Updated benchmark zos_ca_auditor_for_racf_stig, updated version v6r4
Updated benchmark zos_bmc_mainview_for_zos_for_racf_stig, updated version v6r8
Updated benchmark zos_bmc_ioa_for_racf_stig, updated version v6r8
Updated benchmark zos_bmc_control-o_for_racf_stig, updated version v6r8
Updated benchmark zos_bmc_control-m_restart_for_racf_stig, updated version v6r6
Updated benchmark zos_bmc_control-m_for_racf_stig, updated version v6r10
Updated benchmark zos_bmc_control-d_for_racf_stig, updated version v6r8
Updated benchmark zos_webspheremq_for_acf2_stig, updated version v6r4
Updated benchmark zos_websphere_application_server_for_acf2_stig, updated version v6r1
Updated benchmark zos_tdmf_for_acf2_stig, updated version v6r4
Updated benchmark zos_tadz_for_acf2_stig, updated version v6r7
Updated benchmark zos_srraudit_for_acf2_stig, updated version v6r5
Updated benchmark zos_roscoe_for_acf2_stig, updated version v6r9
Updated benchmark zos_quest_nc-pass_for_acf2_stig, updated version v6r3
Updated benchmark zos_netview_for_acf2_stig, updated version v6r9
Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, updated version v6r11
Updated benchmark zos_ibm_health_checker_for_acf2, updated version v6r3
Updated benchmark zos_ibm_cics_transaction_server_for_acf2, updated version v6r8
Updated benchmark zos_hcd_for_acf2_stig, updated version v6r4
Updated benchmark zos_fep_for_acf2_stig, updated version v6r1
Updated benchmark zos_fdr_for_acf2_stig, updated version v6r2
Updated benchmark zos_cssmtp_for_acf2_stig, updated version v6r6
Updated benchmark zos_compuware_abend-aid_for_acf2, updated version v6r7
Updated benchmark zos_clsupersession_for_acf2_stig, added version v6r13
Updated benchmark zos_catalog_solutions_for_acf2_stig, updated version v6r4
Updated benchmark zos_ca_1_tape_management_for_acf2_stig, updated version v6r10
Updated benchmark zos_ca_vtape_for_acf2_stig, updated version v6r5
Updated benchmark zos_ca_mim_for_acf2_stig, updated version v6r4
Updated benchmark zos_ca_mics_for_acf2_stig, updated version v6r5
Updated benchmark zos_ca_common_services_for_acf2_stig, updated version v6r2
Updated benchmark zos_ca_auditor_for_acf2_stig, updated version v6r4
Updated benchmark zos_bmc_mainview_for_zos_for_acf2_stig, updated version v6r10
Updated benchmark zos_bmc_ioa_for_acf2_stig, updated version v6r8
Updated benchmark zos_bmc_control-o_for_acf2_stig, updated version v6r8
Updated benchmark zos_bmc_control-m_restart_for_acf2_stig, updated version v6r6
Updated benchmark zos_bmc_control-m_for_acf2_stig, updated version v6r10
Updated benchmark zos_bmc_control-d_for_acf2_stig, updated version v6r8
Added benchmark ss_android_14_mdfpp_3-3_byoad_stig, added version v1r1
Added benchmark ss_android_14_byoad_stig, added version v1r1
Updated benchmark ss_android_os_14_kpe_3-x_cope_stig, added version v1r2
Updated benchmark ss_android_os_14_kpe_3-x_cobo_stig, added version v1r2
Added benchmark google_android_14_mdf_pp_3-3_byoad_stig, added version v1r1
Added benchmark google_android_14_byoad_stig, added version v1r1
Updated benchmark rhel_9_stig, added version v1r3
Added benchmark evvm_session_management_srg, added version v1r1
Added benchmark evvm_policy_srg, added version v1r1
Added benchmark evvm_endpoint_srg, added version v1r1
Added benchmark apple_ios_ipados_17_mdfpp_3-3_byoad_stig, added version v1r1
Added benchmark apple_ios-ipados_17_byoad_stig, added version v1r1
Updated benchmark oracle_linux_8_stig, added version v1r10
Updated benchmark google_android_13_mdf_pp_3-3_byoad_stig, updated version v1r1
Updated benchmark google_android_13_byoad_stig, added version v1r2
Updated benchmark ms_edge_stig, added version v1r8
Updated benchmark cisco_ios_switch_rtr_stig, updated version v2r5
Updated benchmark cisco_ios_switch_ndm_stig, added version v2r9
Updated benchmark cisco_ios_switch_l2s_stig, updated version v2r4
Updated benchmark solaris_11_x86_stig, added version v2r10
Updated benchmark rhel_8_stig, added version v1r14
Updated benchmark apple_macos_13_stig, added version v1r4
Updated benchmark ibm_zos_tss_stig, added version v8r13
Updated benchmark ibm_zos_racf_stig, added version v8r14
Updated benchmark ibm_zos_acf2_stig, added version v8r15
Updated benchmark apache_server_2-4_unix_site_stig, updated version v2r4
Updated benchmark apache_server_2-4_unix_server_stig, added version v2r7
Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, added version v2r3
Updated benchmark f5_big-ip_device_management_11-x_stig, added version v2r3
Added benchmark f5_big-ip_application_security_manager_11-x_stig, added version v2r1
Added benchmark f5_big-ip_advanced_firewall_manager_11-x_stig, added version v2r1
Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, added version v2r3
Updated benchmark apple_macos_14_stig, added version v1r2
Updated benchmark cisco_ios_xe_switch_rtr_stig, updated version v2r5
Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r9
Updated benchmark cisco_ios_xe_switch_l2s_stig, updated version v2r5
Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r12
Updated benchmark solaris_11_sparc_stig, added version v2r10
Updated benchmark apple_ios-ipados_15_stig, added version v1r4
Updated benchmark rh_ansible_automation_controller_web_server_stig, added version v1r2
Updated benchmark rh_ansible_automation_controller_app_server_stig, updated version v1r2
Added benchmark can_ubuntu_22-04_lts_stig, added version v1r1
Updated benchmark cisco_nx-os_switch_rtr_stig, updated version v2r3
Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r8
Updated benchmark cisco_nx-os_switch_l2s_stig, updated version v2r3
Updated benchmark ms_office_365_proplus_stig, added version v2r12
Updated benchmark web_server_srg, added version v3r3
Added benchmark ibm_zsecure_suite_stig, added version v1r1
Updated benchmark ms_sql_server_2016_instance_stig, added version v2r12
Updated benchmark ms_sql_server_2016_database_stig, added version v2r9
Updated benchmark jboss_eap_6-3_stig, added version v2r4
Added benchmark mirantis_kubernetes_engine_stig, added version v1r1
Updated benchmark sles_15_stig, added version v1r13
Updated benchmark router_srg, added version v4r3
Updated benchmark can_ubuntu_18-04_stig, added version v2r14
Updated benchmark netapp_ontap_dsc_9-x_stig, added version v1r4
Updated benchmark microsoft_excel_2016, added version v2r1
Updated benchmark rgs_rke2_stig, added version v1r5
Updated benchmark vpn, added version v2r6
Updated benchmark vmware_horizon_7-13_connection_server_stig, added version v1r2
Updated benchmark vmware_horizon_7-13_client_stig, updated version v1r1
Updated benchmark vmware_horizon_7-13_agent_stig, updated version v1r1
Updated benchmark ms_dot_net_framework, added version v2r4
Updated benchmark rhel_9_stig, updated version v1r2
Updated benchmark microsoft_office_system_2016, added version v2r3
Minor updates to McAfee STIGs.
Created new Powershell utility function.

v2024.05.3 (2024-05-14)

Fixes

Upgraded Go version, removing two vulnerabilities
Log all HTTP requests by default
Allow access to API liveness/readiness without auth
No longer try to compress any data, it was causing issues with downloads

v2024.05.2 (2024-05-13)

Fixes

Fix: Handle benchmarks with question but no answer choices (#32)
Changelog/doc link fixes (#30)

Benchmark Changes

Correctly import all the changes listed in v2024.05.1, the question issue above was cancelling the import.

v2024.05.1 (2024-05-07)

Features

Control rater now de-duplicates default control comments
File portal now offers a ‘proxied’ download which runs through the portal server. Depending on your network, this may avoid network blocks.
Nginx has been removed in favor of a new primary process that handles both the proxying to the backend and a new GraphQL server. This change should be transparent to the user.
Installer will now automatically apply FAPolicy for the xylok-manager.py script and ensures the scripts it installs are readable, fixing an issue with some new installs.

Fixes

GraphQL server running within primary server now
- Upgraded GraphQL to new release of gqlgen
- GraphQL can handle dates in the CCI rater now. Closes #26
- GraphQL report updates can take booleans now
- Feature list fully loading through graphql
- Report listing loads over graphql
- Updated report working through graphql
Nessus importing now correctly creates all missing plugin checks
Handle lodash paths like a.0.c.3 as if the numbers are also array indexes
Filter out empty documents from report list
Moved Latex packages into repo, avoiding download issues
Correctly report the error and fail to build installer if latex libraries fail to install
Fix control rater modal not working, closes #2
Made table 4.2 in report use a long table and be much shorter, in case there are a lot of the ‘highest rated’ controls
CORS fix for tRPC->core again
Download portal has a simple cache now, making it faster
Removed link to tRPC docs, tRPC is going to be removed soon
Fixed small bugs with automatically created interview questions

Benchmark Changes

Imported DISA STIG updates from early May 2024.
Updated benchmark ms_windows_server_2022_stig, added version v1r5
Updated benchmark bind_9-x_stig, added version v2r3
Updated benchmark microsoft_windows_11_stig, added version v1r6
Updated benchmark ms_windows_10_stig, added version v2r9
Updated benchmark dns_srg, added version v3r2
Updated benchmark microsoft_windows_2012_server_domain_name_system_stig, added version v2r6
Updated benchmark windows_server_2016_stig, added version v2r8
Updated benchmark active_directory_domain, added version v3r4
Updated benchmark windows_server_2019_stig, added version v2r9
Imported DISA STIG updates from Apr 2024, including CUI STIGs.
Updated benchmark mcafee_ens_10-x_stig, added version v2r14
Updated benchmark zos_webspheremq_for_tss_stig, updated version v6r4
Updated benchmark zos_websphere_application_server_for_tss_stig, updated version v6r1
Updated benchmark zos_tdmf_for_tss_stig, updated version v6r4
Updated benchmark zos_tadz_for_tss_stig, updated version v6r7
Updated benchmark zos_srraudit_for_tss_stig, updated version v6r5
Updated benchmark zos_roscoe_for_tss_stig, updated version v6r8
Updated benchmark zos_quest_nc-pass_for_tss_stig, updated version v6r3
Updated benchmark zos_netview_for_tss_stig, updated version v6r9
Updated benchmark zos_ibm_system_display_and_search_facility_for_tss_stig, updated version v6r10
Updated benchmark zos_ibm_health_checker_for_tss, updated version v6r3
Updated benchmark zos_ibm_cics_transaction_server_for_tss, updated version v6r9
Updated benchmark zos_hcd_for_tss_stig, updated version v6r4
Updated benchmark zos_fep_for_tss, updated version v6r1
Updated benchmark zos_fdr_for_tss_stig, updated version v6r2
Updated benchmark zos_cssmtp_for_tss_stig, updated version v6r6
Updated benchmark zos_compuware_abend-aid_for_tss, updated version v6r7
Updated benchmark zos_clsupersession_for_tss_stig, added version v6r13
Updated benchmark zos_catalog_solutions_for_tss_stig, updated version v6r5
Updated benchmark zos_ca_1_tape_management_for_tss_stig, updated version v6r10
Updated benchmark zos_ca_vtape_for_tss_stig, updated version v6r5
Updated benchmark zos_ca_mim_for_tss_stig, updated version v6r4
Updated benchmark zos_ca_mics_for_tss_stig, updated version v6r5
Updated benchmark zos_ca_common_services_for_tss_stig, updated version v6r2
Updated benchmark zos_ca_auditor_for_tss_stig, updated version v6r4
Updated benchmark zos_bmc_mainview_for_zos_for_tss_stig, updated version v6r8
Updated benchmark zos_bmc_ioa_for_tss_stig, updated version v6r8
Updated benchmark zos_bmc_control-o_for_tss_stig, updated version v6r8
Updated benchmark zos_bmc_control-m_restart_for_tss_stig, updated version v6r6
Updated benchmark zos_bmc_control-m_for_tss_stig, updated version v6r10
Updated benchmark zos_bmc_control-d_for_tss_stig, updated version v6r8
Updated benchmark zos_webspheremq_for_racf_stig, updated version v6r4
Updated benchmark zos_websphere_application_server_for_racf_stig, updated version v6r1
Updated benchmark zos_vss_for_racf_stig, updated version v6r8
Updated benchmark zos_tdmf_for_racf_stig, updated version v6r4
Updated benchmark zos_tadz_for_racf_stig, updated version v6r7
Updated benchmark zos_srraudit_for_racf_stig, updated version v6r5
Updated benchmark zos_roscoe_for_racf_stig, updated version v6r8
Updated benchmark zos_quest_nc-pass_for_racf_stig, updated version v6r3
Updated benchmark zos_netview_for_racf_stig, updated version v6r9
Updated benchmark zos_ibm_system_display_and_search_facility_for_racf_stig, updated version v6r10
Updated benchmark zos_ibm_health_checker_for_racf, updated version v6r3
Updated benchmark zos_ibm_cics_transaction_server_for_racf, updated version v6r9
Updated benchmark zos_hcd_for_racf_stig, updated version v6r4
Updated benchmark zos_fep_for_racf_stig, updated version v6r1
Updated benchmark zos_fdr_for_racf_stig, updated version v6r2
Updated benchmark zos_cssmtp_for_racf_stig, updated version v6r6
Updated benchmark zos_compuware_abend-aid_for_racf, updated version v6r7
Updated benchmark zos_clsupersession_for_racf_stig, added version v6r13
Updated benchmark zos_catalog_solutions_for_racf_stig, updated version v6r5
Updated benchmark zos_ca_1_tape_management_for_racf_stig, updated version v6r10
Updated benchmark zos_ca_vtape_for_racf_stig, updated version v6r5
Updated benchmark zos_ca_mim_for_racf_stig, updated version v6r4
Updated benchmark zos_ca_mics_for_racf_stig, updated version v6r5
Updated benchmark zos_ca_common_services_for_racf_stig, updated version v6r3
Updated benchmark zos_ca_auditor_for_racf_stig, updated version v6r4
Updated benchmark zos_bmc_mainview_for_zos_for_racf_stig, updated version v6r8
Updated benchmark zos_bmc_ioa_for_racf_stig, updated version v6r8
Updated benchmark zos_bmc_control-o_for_racf_stig, updated version v6r8
Updated benchmark zos_bmc_control-m_restart_for_racf_stig, updated version v6r6
Updated benchmark zos_bmc_control-m_for_racf_stig, updated version v6r10
Updated benchmark zos_bmc_control-d_for_racf_stig, updated version v6r8
Updated benchmark zos_webspheremq_for_acf2_stig, updated version v6r4
Updated benchmark zos_websphere_application_server_for_acf2_stig, updated version v6r1
Updated benchmark zos_tdmf_for_acf2_stig, updated version v6r4
Updated benchmark zos_tadz_for_acf2_stig, updated version v6r7
Updated benchmark zos_srraudit_for_acf2_stig, updated version v6r5
Updated benchmark zos_roscoe_for_acf2_stig, updated version v6r9
Updated benchmark zos_quest_nc-pass_for_acf2_stig, updated version v6r3
Updated benchmark zos_netview_for_acf2_stig, updated version v6r9
Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, updated version v6r11
Updated benchmark zos_ibm_health_checker_for_acf2, updated version v6r3
Updated benchmark zos_ibm_cics_transaction_server_for_acf2, updated version v6r8
Updated benchmark zos_hcd_for_acf2_stig, updated version v6r4
Updated benchmark zos_fep_for_acf2_stig, updated version v6r1
Updated benchmark zos_fdr_for_acf2_stig, updated version v6r2
Updated benchmark zos_cssmtp_for_acf2_stig, updated version v6r6
Updated benchmark zos_compuware_abend-aid_for_acf2, updated version v6r7
Updated benchmark zos_clsupersession_for_acf2_stig, added version v6r13
Updated benchmark zos_catalog_solutions_for_acf2_stig, updated version v6r4
Updated benchmark zos_ca_1_tape_management_for_acf2_stig, updated version v6r10
Updated benchmark zos_ca_vtape_for_acf2_stig, updated version v6r5
Updated benchmark zos_ca_mim_for_acf2_stig, updated version v6r4
Updated benchmark zos_ca_mics_for_acf2_stig, updated version v6r5
Updated benchmark zos_ca_common_services_for_acf2_stig, updated version v6r2
Updated benchmark zos_ca_auditor_for_acf2_stig, updated version v6r4
Updated benchmark zos_bmc_mainview_for_zos_for_acf2_stig, updated version v6r10
Updated benchmark zos_bmc_ioa_for_acf2_stig, updated version v6r8
Updated benchmark zos_bmc_control-o_for_acf2_stig, updated version v6r8
Updated benchmark zos_bmc_control-m_restart_for_acf2_stig, updated version v6r6
Updated benchmark zos_bmc_control-m_for_acf2_stig, updated version v6r10
Updated benchmark zos_bmc_control-d_for_acf2_stig, updated version v6r8
Added benchmark ss_android_14_mdfpp_3-3_byoad_stig, added version v1r1
Added benchmark ss_android_14_byoad_stig, added version v1r1
Updated benchmark ss_android_os_14_kpe_3-x_cope_stig, added version v1r2
Updated benchmark ss_android_os_14_kpe_3-x_cobo_stig, added version v1r2
Added benchmark google_android_14_mdf_pp_3-3_byoad_stig, added version v1r1
Added benchmark google_android_14_byoad_stig, added version v1r1
Updated benchmark rhel_9_stig, added version v1r3
Added benchmark evvm_session_management_srg, added version v1r1
Added benchmark evvm_policy_srg, added version v1r1
Added benchmark evvm_endpoint_srg, added version v1r1
Added benchmark apple_ios_ipados_17_mdfpp_3-3_byoad_stig, added version v1r1
Added benchmark apple_ios-ipados_17_byoad_stig, added version v1r1
Updated benchmark oracle_linux_8_stig, added version v1r10
Updated benchmark google_android_13_mdf_pp_3-3_byoad_stig, updated version v1r1
Updated benchmark google_android_13_byoad_stig, added version v1r2
Updated benchmark ms_edge_stig, added version v1r8
Updated benchmark cisco_ios_switch_rtr_stig, updated version v2r5
Updated benchmark cisco_ios_switch_ndm_stig, added version v2r9
Updated benchmark cisco_ios_switch_l2s_stig, updated version v2r4
Updated benchmark solaris_11_x86_stig, added version v2r10
Updated benchmark rhel_8_stig, added version v1r14
Updated benchmark apple_macos_13_stig, added version v1r4
Updated benchmark ibm_zos_tss_stig, added version v8r13
Updated benchmark ibm_zos_racf_stig, added version v8r14
Updated benchmark ibm_zos_acf2_stig, added version v8r15
Updated benchmark apache_server_2-4_unix_site_stig, updated version v2r4
Updated benchmark apache_server_2-4_unix_server_stig, added version v2r7
Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, added version v2r3
Updated benchmark f5_big-ip_device_management_11-x_stig, added version v2r3
Added benchmark f5_big-ip_application_security_manager_11-x_stig, added version v2r1
Added benchmark f5_big-ip_advanced_firewall_manager_11-x_stig, added version v2r1
Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, added version v2r3
Updated benchmark apple_macos_14_stig, added version v1r2
Updated benchmark cisco_ios_xe_switch_rtr_stig, updated version v2r5
Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r9
Updated benchmark cisco_ios_xe_switch_l2s_stig, updated version v2r5
Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r12
Updated benchmark solaris_11_sparc_stig, added version v2r10
Updated benchmark apple_ios-ipados_15_stig, added version v1r4
Updated benchmark rh_ansible_automation_controller_web_server_stig, added version v1r2
Updated benchmark rh_ansible_automation_controller_app_server_stig, updated version v1r2
Added benchmark can_ubuntu_22-04_lts_stig, added version v1r1
Updated benchmark cisco_nx-os_switch_rtr_stig, updated version v2r3
Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r8
Updated benchmark cisco_nx-os_switch_l2s_stig, updated version v2r3
Updated benchmark ms_office_365_proplus_stig, added version v2r12
Updated benchmark web_server_srg, added version v3r3
Added benchmark ibm_zsecure_suite_stig, added version v1r1
Updated benchmark ms_sql_server_2016_instance_stig, added version v2r12
Updated benchmark ms_sql_server_2016_database_stig, added version v2r9
Updated benchmark jboss_eap_6-3_stig, added version v2r4
Added benchmark mirantis_kubernetes_engine_stig, added version v1r1
Updated benchmark sles_15_stig, added version v1r13
Updated benchmark router_srg, added version v4r3
Updated benchmark can_ubuntu_18-04_stig, added version v2r14
Updated benchmark netapp_ontap_dsc_9-x_stig, added version v1r4
Updated benchmark microsoft_excel_2016, added version v2r1
Updated benchmark rgs_rke2_stig, added version v1r5
Updated benchmark vpn, added version v2r6
Updated benchmark vmware_horizon_7-13_connection_server_stig, added version v1r2
Updated benchmark vmware_horizon_7-13_client_stig, updated version v1r1
Updated benchmark vmware_horizon_7-13_agent_stig, updated version v1r1
Updated benchmark ms_dot_net_framework, added version v2r4
Updated benchmark rhel_9_stig, updated version v1r2
Updated benchmark microsoft_office_system_2016, added version v2r3
Updated Apache Server 2.4 UNIX Site STIG v2r4 and marked ready.
Updated Apache Server 2.4 UNIX Server STIG v2r6 and marked ready.
Minor updates to McAfee STIGs.
Updated Apache Server 2.4 UNIX Server STIG, v2r6.

v2024.04.1 (2024-04-07)

Fixes

Cleaned up implicit memory warning in advanced collector lint
Benchmarks now figure out if they have users directly from the license file

Benchmark Changes

Added interview questions to VMM SRG and marked it ready for customer usage (interview only)
Cisco FMC data collection changes, notably virtually all top-level “Get all” type API queries are made, ensuring we have almost all useful data

v2024.03.2 (2024-03-22)

Fixes

Added image tests to ensure collectors are built and bundled into image correctly
Added Nginx redirect to fix the documentation links to the collector data not always working
Benchmark editor now always add a command runner key and sanity checks confirms this
Hashes are built during installer upload, rather than as a separate step, limiting the chance they are out of sync

Benchmark Changes

Corrected commands there were missing runners
Fixed one collector lint warning

v2024.03.1 (2024-03-18)

Features

We’ve begun work on an “advanced collector” which will be more intelligent about which benchmarks to run, how they get executed, how errors get handled, and have other capabilities.
- This collector is packaged as a binary executable, rather than the existing human-readable scripts we use
- We’re interested in learning what you would need to get approval for the use of this new tool on your network, please let us know what you would need!
- Currently, it works with the Cisco FMC API, but the goal is to allow it to run all of our existing benchmarks. If you’re interested in looking at it, the initial documentation is at https://app.xylok.io/docs/detailed/build/docs/data-collection/advanced-collector
Changed to having interview answers be blank by default, rather than ‘Not yet answered’

Fixes

Added Cisco FMC as an OS options
Added SBOM and static analysis reports to Xylok. Currently, this only covers the new collector but we’ll likely expand this for other parts of Xylok.
Inherited count in CRA says ‘CCIs’ now instead of ‘controls,’ which was a little inaccurate

Benchmark Changes

RHEL 7, 8, and 9 updates
RHEL 8 v1r13 marked as customer ready
Added winserver-powershell OS tag, and applied to AD Domain and Forest STIGs
Corrected very old, bad Firewall SRG version (v1r01) with an incorrect date to make it not appear as “newest”
Readied latest Firewall SRG to allow it to work with new collector
Updated Google Chrome Current Windows STIG v2r9 and marked ready.
Updated VMware vSphere 7.0 vCenter STIG v1r3 and marked ready.
Updated VMware vSphere 7.0 Virtual Machine STIG v1r3 and marked ready.
Updated ESS Trellix Agent STIG v5r10 and marked ready.
Updated ESS Policy Auditor STIG v5r1 and marked ready.
Updated ESS Staging Server STIG v5r1 and marked ready.
Updated ESS Agent Handler STIG v2r3 and marked ready.
Updated ESS ePO 5.x STIG v2r13 and marked ready.
Updated ESS Policy Auditor STIG v5r1.
Updated ESS Staging Server STIG v5r1.
Updated ESS Agent Handler STIG v2r3.
Updated ESS ePO 5.x STIG v2r13.
Updated Trellix ENS 10.x STIG v2r13 and marked ready.
Updated Trellix Application Control 8.x STIG v2r2 and marked ready.
Updated ESS Trellix Agent STIG v5r10.

v2024.02.1 (2024-01-31)

Fixes

Removed typesense completely and started integration of new graphql server
Updated OSes to include RHEL 9
Added a lock around rebuilding most control rating sets to prevent issues with two rebuilds running simultaneously
Removed PP chunk size to avoid lambda request size limits
Added some more debugging/exception handling to the PP testing endpoint
Allow PP formatting requests to be downloaded successfully
Fixed CRA total numbers not adding up correctly

Benchmark Changes

Lots of work on RHEL 9 to bring out in this release. v1r1 is customer ready, v1r2 will be shortly as well.
Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1. Updated audit_helper utility.
Marked v1r1 of RHEL 9 customer ready
Updated Cisco IOS Router NDM STIG v2r8.
Updated Cisco IOS Switch NDM STIG v2r8.
Updated Cisco IOS-XR Router NDM STIG v2r5.
Updated Cisco IOS-XE Switch NDM STIG v2r8.
Updated Cisco ISE NAC STIG v1r5.
Updated Cisco ISE NDM STIG v1r6.
Updated Cisco IOS-XE Router NDM STIG v2r9.
Updated Cisco NX-OS Switch NDM STIG v2r7.
Updated Cisco NX-OS Switch L2S STIG v2r3.
Updated MS SQL Server 2016 Database STIG v2r8.
Updated MS SQL Server 2016 Instance STIG v2r11.
Updated Microsoft Internet Explorer 11 STIG v2r5.
Updated Microsoft DotNet Framework 4.0 STIG v2r3.
Apache 2.4 Fix
Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance PostgreSQL STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance PostgreSQL STIG v1r1.
Added PP to VMware vSphere 8.0 vCenter Appliance PostgreSQL STIG v1r1.
Added PP to VMWare vSphere 8.0 vCenter Appliance PostgreSQL STIG v1r1.
Scraped DISA STIGs as of 28 Jan 2024.
Scraper: Updated benchmark trend_micro_deep_security_9-x_stig, added version v2r1
Scraper: Updated benchmark toss_4_stig, added version v1r3
Scraper: Updated benchmark hw_android_9-x_cobo_stig, added version v1r2
Scraper: Updated benchmark hw_android_9-x_cope_stig, added version v1r2
Scraper: Updated benchmark edb_postgres_advanced_server_stig, added version v2r3
Scraper: Updated benchmark google_chrome_current_windows, added version v2r9
Scraper: Updated benchmark solaris_11_sparc_stig, added version v2r9
Scraper: Updated benchmark oracle_database_11-2g_stig, added version v2r4
Scraper: Updated benchmark edb_postgres_advanced_server_v11_on_windows_stig, added version v2r3
Scraper: Updated benchmark apple_ios-ipados_16_cobo-cope_stig, added version v1r3
Scraper: Updated benchmark mcafee_application_control_8-x_stig, added version v2r2
Scraper: Updated benchmark ess_epo_5-3_5-9_stig, added version v2r13
Scraper: Updated benchmark hbss_-_remote_console, added version v5r2
Scraper: Updated benchmark general_purpose_operating_system, added version v2r7
Scraper: Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, updated version v2r2
Scraper: Updated benchmark f5_big-ip_device_management_11-x_stig, updated version v2r2
Scraper: Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, updated version v2r2
Scraper: Updated benchmark sles_15_stig, added version v1r12
Scraper: Updated benchmark hbss_policyauditor, added version v5r1
Scraper: Updated benchmark mongodb_3-x_stig, added version v2r2
Scraper: Updated benchmark container_platform_srg, added version v1r5
Scraper: Updated benchmark ms_windows_server_2022_dns_stig, added version v1r1
Scraper: Added benchmark hpe_nimble_storage_array_ndm_stig, added version v1r2
Scraper: Updated benchmark mcafee_ens_10-x_local_client_stig, added version v1r6
Scraper: Updated benchmark ess_mcafee_agent_stig, added version v5r10
Scraper: Updated benchmark can_ubuntu_18-04_stig, added version v2r13
Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r8
Scraper: Updated benchmark apple_macos_13_stig, updated version v1r1
Scraper: Updated benchmark rhel_9_stig, added version v1r2
Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r8
Scraper: Updated benchmark postgresql_9-x_stig, added version v2r4
Scraper: Updated benchmark palo_alto_networks_alg_stig, added version v2r4
Scraper: Added benchmark apple_macos_14_stig, added version v1r1
Scraper: Updated benchmark oracle_database_12c_stig, added version v2r9
Scraper: Updated benchmark mongodb_enterprise_advanced_4-x_stig, added version v1r3
Scraper: Updated benchmark apple_macos_13_stig, updated version v1r3
Scraper: Updated benchmark redis_enterprise_6-x_stig, added version v1r3
Scraper: Updated benchmark mariadb_enterprise_10-x_stig, added version v1r3
Scraper: Updated benchmark database_generic, added version v3r4
Scraper: Updated benchmark apache_server_2-4_unix_server_stig, added version v2r6
Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r8
Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r11
Scraper: Added benchmark ms_exchange_2019_mailbox_server_stig, added version v1r1
Scraper: Added benchmark ms_exchange_2019_edge_server_stig, added version v1r1
Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r12
Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r13
Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r14
Scraper: Updated benchmark traditional_security_checklist, added version v2r5
Scraper: Updated benchmark hbss_rogue_sensor, added version v5r2
Scraper: Updated benchmark mcafee_tie-dxl_stig, added version v2r3
Scraper: Updated benchmark cisco_ios-xr_router_ndm_stig, added version v2r5
Scraper: Added benchmark epas_stig, added version v1r1
Scraper: Updated benchmark juniper_ex_ndm_stig, added version v1r5
Scraper: Updated benchmark oracle_linux_8_stig, added version v1r9
Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r8
Scraper: Updated benchmark crunchy_data_postgresql_stig, added version v2r2
Scraper: Updated benchmark oracle_mysql_8.0_stig, added version v1r5
Scraper: Updated benchmark cisco_ise_nac_stig, added version v1r5
Scraper: Updated benchmark cisco_ise_ndm_stig, added version v1r6
Scraper: Updated benchmark rhel_7_stig, added version v3r14
Scraper: Updated benchmark vmw_vsphere_7-0_vcenter_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_7-0_vca_photon_os_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_7-0_virtual_machine_stig, added version v1r3
Scraper: Updated benchmark rgs_rke2_stig, added version v1r4
Scraper: Updated benchmark hbss_staging_server, added version v5r1
Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r9
Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r13
Scraper: Updated benchmark tomcat_application_server_9_stig, added version v2r7
Scraper: Updated benchmark hbss_agent_handler, added version v2r3
Scraper: Updated benchmark bb_cylanceprotect_mobile_for_uem_stig, added version v1r2
Scraper: Updated benchmark hpe_3par_storeserv_3.3.x_stig, added version v1r2
Scraper: Updated benchmark rhel_8_stig, added version v1r13
Scraper: Updated benchmark solaris_11_x86_stig, added version v2r9
Scraper: Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r7
Scraper: Updated benchmark cisco_nx-os_switch_l2s_stig, added version v2r3
Scraper: Updated benchmark ie_11_stig, added version v2r5
Scraper: Updated benchmark ms_dot_net_framework, added version v2r3
Scraper: Updated benchmark oracle_linux_7_stig, added version v2r14
Scraper: Updated benchmark sles_12_stig, added version v2r13
Scraper: Updated benchmark ms_exchange_2016_mailbox_server_stig, added version v2r6
Scraper: Updated benchmark ms_exchange_2016_edge_transport_server_stig, added version v2r5
Scraper: Updated benchmark marklogic_server_v9_stig, added version v2r2
Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r11

v2024.01.2 (2024-01-05)

Fixes

Fix CSRF/CORS error when using tRPC calls from the browser
N/As at the CCI level no longer override an inherited control’s status

v2024.01.1 (2024-01-03)

Features

CCI Ratings builds now use MAD risk as a starting point for raw technical risk. There’s also a limit to prevent you from raising the mitigated risk over the raw
- If the MAD doesn’t contain a raw risk (but the row does exist), assign it a default risk of Low
CCI rater displays related control/AP number at top of page
CCI rater mitigations are smarter about showing valid likelihood choices
Disable copying of technical liklihood when using ‘copy’ button on CCI rater

Fixes

CCI rater (and other forms) with non-searchable selections now works correctly
Updated PowerCLI
Added timestamp to mx logs
Numerous CRA fixes/improvements:
- More CRA fixes, including correctly showing CIA level
- Moved document listing to CRA report manager, rather than pulling from DB document listing
- Small boilerplate grammar fixes
- No longer say there were no high/mod findings if notable controls aren’t manually set for a report
- Report editor now sends targeted updates to server, rather than entire report. This allows for multiple users to edit the document at the same time.

Benchmark Changes

Initial commands/PP for VMWare 8 STIGs
Added PP module docs we were missing
Updated Splunk Enterprise 8 STIG v1r5.
Updated McAfee and ENS STIGs with updates from October 2023.
Updated Cisco STIGs with October 2023 updates.
Updated Microsoft IIS 8.5 and 10.0 STIGs with Oct 2023 changes.
Updated MS SQL Server 2016 Database STIG v2r7.
Updated Microsoft Office 365 ProPlus STIG v2r11.
Updated Windows PAW STIG v2r3.
Updated Microsoft Windows Defender Firewall with Advanced Security STIG, v2r2.
Updated Windows Server 2016, 2019, and 2022 STIGs with November changes.
Updated Windows Server 2012 DC and MS STIGs, v3r7.
Updated Windows 10 and Windows 11 STIGs.
Updated IOS XE Switch L2S STIG to include show vtp password
Scraped DISA STIGs 13 Dec 23.
Scraper: Added benchmark ss_android_os_14_kpe_3-x_cope_stig, added version v1r1
Scraper: Added benchmark ss_android_os_14_kpe_3-x_cobo_stig, added version v1r1
Scraper: Updated benchmark network_infrastructure_policy_stig, updated version v10r6
Scraper: Updated benchmark apple_macos_13_stig, updated version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcsa_lookup_svc_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcsa_photon_os_4-0_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcsa_vami_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8.0_virtual_machine_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcsa_envoy_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_esxi_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcsa_sts_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcsa_perfcharts_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcsa_ui_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcsa_postgresql_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcenter_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_8-0_vcsa_eam_stig, added version v1r1
Scraper: Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, updated version v2r1
Scraper: Updated benchmark f5_big-ip_device_management_11-x_stig, updated version v2r1
Scraper: Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, updated version v2r1
Scraper: Added benchmark ivanti_connect_secure_vpn_stig, added version v1r1
Scraper: Added benchmark ivanti_connect_secure_ndm_stig, added version v1r1
Scraper: Updated benchmark f5_big-ip_access_policy_manager_11-x_stig, added version v2r2
Scraper: Updated benchmark f5_big-ip_device_management_11-x_stig, added version v2r2
Scraper: Updated benchmark f5_big-ip_local_traffic_manager_11-x_stig, added version v2r2

v2023.11.1 (2023-11-03)

Features

Added API endpoint for creating manual scans

Fixes

Updated ‘all’ tag for OSes

Benchmark Changes

Oracle MySQL 8.0 - Initial Release
Added interview questions for Nutanix AOS App STIG
Scraped DISA STIGs 1 NOV 2023.
- Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r12
- Scraper: Updated benchmark ess_mcafee_agent_stig, added version v5r9
- Scraper: Updated benchmark ess_epo_5-3_5-9_stig, added version v2r12
- Scraper: Updated benchmark zebra_android_11_cobo_stig, added version v1r3
- Scraper: Updated benchmark web_server_srg, added version v3r2
- Scraper: Added benchmark vmw_vrealize_ops_mgr_cassandra_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_operations_manager_6-x_postgresql_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_operations_manager_6-x_sles_stig, added version v2r2
- Scraper: Updated benchmark vmw_vrealize_operations_manager_6-x_tcserver_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_operations_manager_6-x_application_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_postgresql_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_vidm_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_ha_proxy_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_tcserver_stig, added version v2r3
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_lighttpd_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_vami_stig, added version v1r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_sles_stig, added version v2r2
- Scraper: Updated benchmark vmw_vrealize_automation_7-x_application_stig, added version v1r2
- Scraper: Added benchmark vmm, added version v1r3
- Scraper: Added benchmark uc_endpoint_srg, added version v1r0.1
- Scraper: Added benchmark uc_session_management_srg, added version v1r0.1
- Scraper: Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v1r5
- Scraper: Updated benchmark sles_15_stig, added version v1r11
- Scraper: Updated benchmark sles_12_stig, added version v2r12
- Scraper: Updated benchmark rhel_8_stig, added version v1r12
- Scraper: Updated benchmark rhel_7_stig, added version v3r13
- Scraper: Added benchmark rh_openshift_container_platform_4-12_stig, added version v1r1
- Scraper: Updated benchmark rh_ansible_automation_controller_app_server_stig, added version v1r2
- Scraper: Updated benchmark oracle_linux_8_stig, added version v1r8
- Scraper: Updated benchmark oracle_linux_7_stig, added version v2r13
- Scraper: Updated benchmark network_wlan_ap-ig_mgmt_stig, added version v7r2
- Scraper: Updated benchmark network_wlan_ap-nipr_mgmt_stig, added version v7r2
- Scraper: Updated benchmark network_wlan_bridge_mgmt_stig, added version v7r2
- Scraper: Updated benchmark network_wlan_controller_mgmt_stig, added version v7r2
- Scraper: Updated benchmark ms_windows_server_2022_stig, added version v1r4
- Scraper: Updated benchmark windows_server_2019_stig, added version v2r8
- Scraper: Updated benchmark windows_server_2016_stig, added version v2r7
- Scraper: Updated benchmark windows_paw_stig, added version v2r3
- Scraper: Updated benchmark windows_firewall_with_advanced_security, added version v2r2
- Scraper: Updated benchmark windows_2012_ms_stig, added version v3r7
- Scraper: Updated benchmark windows_2012_dc_stig, added version v3r7
- Scraper: Updated benchmark microsoft_windows_11_stig, added version v1r5
- Scraper: Updated benchmark ms_windows_10_stig, added version v2r8
- Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r7
- Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r11
- Scraper: Updated benchmark iis_8-5_site_stig, added version v2r9
- Scraper: Updated benchmark iis_8-5_server_stig, added version v2r7
- Scraper: Updated benchmark iis_10-0_site_stig, added version v2r9
- Scraper: Updated benchmark iis_10-0_server_stig, added version v2r10
- Scraper: Updated benchmark ms_exchange_2016_mailbox_server_stig, added version v2r5
- Scraper: Updated benchmark kubernetes_stig, added version v1r11
- Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r11
- Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r13
- Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r9
- Scraper: Added benchmark google_android_14_cope_stig, added version v1r1
- Scraper: Added benchmark google_android_14_cobo_stig, added version v1r1
- Scraper: Added benchmark google_android_13_mdf_pp_3-3_byoad_stig, added version v1r1
- Scraper: Added benchmark google_android_13_byoad_stig, added version v1r1
- Scraper: Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r6
- Scraper: Updated benchmark cisco_ios-xr_router_ndm_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios-xr_router_rtr_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r7
- Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r9
- Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r8
- Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r7
- Scraper: Updated benchmark cisco_ios_switch_l2s_stig, added version v2r4
- Scraper: Updated benchmark cisco_ios_switch_rtr_stig, added version v2r5
- Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r7
- Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r6
- Scraper: Updated benchmark cisco_asa_vpn_stig, added version v1r3
- Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r6
- Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r10
- Scraper: Updated benchmark can_ubuntu_18-04_stig, added version v2r12
- Scraper: Updated benchmark apple_macos_13_stig, added version v1r3
- Scraper: Updated benchmark apple_macos_12_stig, added version v1r8
- Scraper: Updated benchmark apple_macos_11_stig, added version v1r8
- Scraper: Added benchmark apple_ios-ipados_17_stig, added version v1r1
- Scraper: Added benchmark apple_ios-ipados_16_mdfpp_3-3_byoad_stig, added version v1r1
- Scraper: Added benchmark apple_ios-ipados_16_byoad_stig, added version v1r1
- Scraper: Updated benchmark tomcat_application_server_9_stig, added version v2r6
- Scraper: Added benchmark rhel_9_stig, added version v1r1

v2023.10.1 (2023-10-12)

Fixes

Updated MAD for S6 March 2023 version
Corrected privileged port permission check for Podman
Removed Podman communicating via host. Regression appears to be fixed in whatever combination of kernel and Podman version is relatively current
Increase delay during setup before declaring Xylok dead
Control table in report now correctly allows moves and deletes
Added Nutanix AOS option to operating systems
Updated some deployment instructions

Benchmark Changes

Added commands for NUTANIX AOS 5.20.x OS STIG
Fixed command error in VMware vSphere 7.0 vCenter Appliance STS STIG.
Fixed several errors in Windows Server 2022 post-processing.
Updated several DotNet 4.0 Framework commands with ‘powershell’ OS tag.
Updated Windows Server data at rest checks to manual review for bitlocker alternatives.
Added commands to JRE 6 for UNIX STIG, due to overwhelming demand.
Updated MS SQL Server 2016 Instance check SQL6-D0-009900 command to resolve import/analysis/export issue.
Updated several SRG changes from July 2023.
Updated MS Office 365 ProPlus STIG v2r10.
Fixed command in IIS 10 Server STIG to filter for local accounts.
Fixed IE11 check.
Updated Windows 11 STIG v1r4.

v2023.08.1 (2023-08-31)

Features

CCI Rater now has a filter for ’technical’ ccis
Added ability to use an older version of a CCI Rating for the compare view
Added script to change machine IDs in the database

Fixes

Fixed a bug where deleting AA machine data was incorrectly deleting additional information
Fixed ability to remove benchmarks from a Scan only, without removing the benchmark from the machine as well
Prevent unauthenticated users from accessing generated files

Benchmark Changes

VMware:
- Updated several VMware STIGs with updates from Jul 2023.
- Added commands to VMWare vSphere 7.0 vCenter STIG.
- Completed VMWare vSphere 7.0 Virtual Machine STIG
- Completed VMWare ESXi 7.0 STIG, v1r1.
- VMware vSphere 7.0 vCenter Applicance UI STIG
- VMware vSphere 7.0 vCenter Appliance PostgreSQL STIG
- VMware vSphere 7.0 vCenter Appliance STS STIG
- VMware 7 RhttpProxy STIG commands
- VMware 7 VAMI STIG commands
- VMware 7 Perfcharts commands
- VMware 7 - Photon OS STIG commands
- VMware PP status fix.
RHEL:
- RHEL 8 Updates Added: Command update Post Processing
- RHEL 8 Interactive users updated to include ‘/bin/false’, ‘/bin/true’, ‘/usr/sbin/nologin’
- RHEL 8 v1r11 Updated commands that were modified from v1r10 Added PP for new commands Added PP for old commands
- RHEL 7 Interactive User Checks update Added shells to exclude of ‘/bin/false’, ‘/bin/true’, ‘/usr/sbin/nologin’
- RHEL 7 v3r12 Updates New commands and PP
Apache Command Bug: Replaced https -V with correct httpd -V in multiple cmd.sh files
Updated IE 11 STIG v2r4.
Updated Splunk 7 and 8 STIGs, v2r4 and v1r4, respectively.
Updated Mozilla Firefox STIG v6r5.
Updated several Cisco STIGs with Jul 2023 updates.
Updated MS SQL Server 2016 Instance STIG v2r10.
Scraped DISA STIG site on 20230728 and added CUI STIGs.
Scraped DISA for out of cycle updates since July.
Scraper: Updated benchmark network_infrastructure_policy_stig, updated version v10r5
Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r6
Scraper: Updated benchmark windows_server_2016_stig, updated version v2r6
Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r6
Scraper: Added benchmark ms_windows_server_2022_dns_stig, added version v1r0.1
Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r10
Scraper: Updated benchmark mcafee_ens_10-x_local_client_stig, added version v1r5
Scraper: Updated benchmark joint_regional_security_stack_stig, added version v2r3
Scraper: Updated benchmark vmw_vsphere_7-0_vca_lookup_svc_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_7-0_esxi_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_7-0_vca_photon_os_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_7-0_vca_eam_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_7-0_vca_postgresql_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_7-0_vca_sts_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_7-0_vami_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_7-0_virtual_machine_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_7-0_vcenter_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_7-0_vca_ui_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_postgresql_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_ui_tomcat_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_6-7_eam_tomcat_stig, added version v1r4
Scraper: Updated benchmark vmw_vsphere_6-7_vcenter_stig, added version v1r4
Scraper: Updated benchmark vmw_vsphere_6-7_vami-lighttpd_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_6-7_esxi_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r6
Scraper: Updated benchmark vmw_vsphere_6-7_rhttpproxy_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_6-7_sts_tomcat_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_6-7_virtual_machine_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_6-7_perfcharts_tomcat_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_6-7_virgo-client_stig, added version v1r2
Scraper: Updated benchmark vmware_vsphere_6-5_vcenter_server_for_windows_stig, added version v2r3
Scraper: Updated benchmark vmware_vsphere_6-5_esxi_stig, added version v2r4
Scraper: Updated benchmark vmware_vsphere_6-5_virtual_machine_stig, added version v2r2
Scraper: Updated benchmark vmware_nsx-t_distributed_fw_stig, added version v1r3
Scraper: Updated benchmark vmw_nsx-t_manager_ndm_stig, added version v1r3
Scraper: Updated benchmark vmw_nsx-t_t-0_gateway_fw_stig, added version v1r3
Scraper: Updated benchmark vmw_nsx-t_t1_gateway_fw_stig, added version v1r3
Scraper: Updated benchmark traditional_security_checklist, added version v2r4
Scraper: Updated benchmark samsung_android_10_knox_3-x_stig, added version v2r1
Scraper: Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v1r4
Scraper: Updated benchmark splunk_enterprise_7-x_for_windows_stig, added version v2r4
Scraper: Updated benchmark solaris_11_x86_stig, added version v2r8
Scraper: Updated benchmark solaris_11_sparc_stig, added version v2r8
Scraper: Updated benchmark sles_12_stig, added version v2r11
Scraper: Updated benchmark rhel_8_stig, added version v1r11
Scraper: Updated benchmark rhel_7_stig, added version v3r12
Scraper: Updated benchmark rgs_rke2_stig, added version v1r3
Scraper: Updated benchmark rancher_mcm_stig, added version v1r3
Scraper: Updated benchmark pan_prisma_cloud_compute_stig, added version v1r3
Scraper: Updated benchmark oracle_mysql_8.0_stig, added version v1r4
Scraper: Updated benchmark oracle_linux_8_stig, added version v1r7
Scraper: Updated benchmark oracle_linux_7_stig, added version v2r12
Scraper: Updated benchmark oracle_database_12c_stig, added version v2r8
Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r10
Scraper: Updated benchmark microsoft_onedrive, added version v2r3
Scraper: Updated benchmark ms_edge_stig, added version v1r7
Scraper: Updated benchmark ms_azure_sql_db_stig, added version v1r2
Scraper: Updated benchmark moz_firefox_stig, added version v6r5
Scraper: Updated benchmark kubernetes_stig, added version v1r10
Scraper: Updated benchmark juniper_ex_ndm_stig, added version v1r4
Scraper: Updated benchmark jamf_pro_v10-x_emm_stig, added version v2r1
Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r12
Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r12
Scraper: Updated benchmark ibm_db2_v10-5_luw_stig, added version v2r1
Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r8
Scraper: Updated benchmark hpe_3par_ssmc_ws_stig, added version v1r2
Scraper: Updated benchmark general_purpose_operating_system, added version v2r6
Scraper: Updated benchmark fs_nac_stig, added version v1r4
Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, added version v1r4
Scraper: Updated benchmark dns_srg, added version v3r1
Scraper: Updated benchmark container_platform_srg, added version v1r4
Scraper: Updated benchmark cisco_nx-os_switch_l2s_stig, added version v2r2
Scraper: Updated benchmark cisco_nx-os_switch_rtr_stig, added version v2r3
Scraper: Updated benchmark cisco_ios-xr_router_rtr_stig, added version v2r3
Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, added version v2r4
Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, added version v2r4
Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r8
Scraper: Updated benchmark cisco_ios_switch_rtr_stig, added version v2r4
Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r5
Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r9
Scraper: Updated benchmark bems_3-x_stig, added version v1r2
Scraper: Added benchmark bb_cylanceprotect_mobile_for_uem_stig, added version v1r1
Scraper: Updated benchmark application_security_development_stig, added version v5r3
Scraper: Added benchmark arcgis_server_10-3_stig, added version v2r1
Scraper: Updated benchmark application_server_srg, added version v3r4
Scraper: Updated benchmark apple_macos_13_stig, added version v1r2
Scraper: Updated benchmark apple_macos_12_stig, added version v1r7
Scraper: Updated benchmark tomcat_application_server_9_stig, added version v2r5
Scraper: Updated benchmark apache_server_2-4_unix_server_stig, added version v2r5
Scraper: Updated benchmark apache_server_2-4_unix_site_stig, added version v2r4

v2023.07.2 (2023-07-21)

Features

Improved Nessus scan importing. Status, when available, will be pulled in, along with matching up to STIGs if applicable.

Fixes

Auto-fixing of CCI rating duplicates doesn’t accidentally overwrite the requested client
More small CRA fixes. You can read the yellow-on-white text now.

Benchmark Changes

RHEL7 Bug Fix Command: Updated RHEL-07-010063 changed from CKL runner to direct CLI
RHEL7 PP bug fixes
Fixed some commands in Windows Server 2016, 2019, and 2022.

v2023.07.1 (2023-07-07)

Features

Moved full-text search to Postgres from Typesense. This should result in more reliable timings for searches, far less memory usage, and smaller installer sizes.
- Automatic CCI searching has also been tuned as a part of this, searching for phrases within the CCI rather than permutations of words
Added CLI management command to import eMASS TRs as Xylok CCI ratings
Added a tool for more easily tracking CCI “completion” status, based on your personal workflow. See the little gear icon on the side table of the CCI rater.

Fixes

CCI Rater will clean itself of duplicates.
CCI Rater compare view correctly fetches clients to compare.
CRA Reports now hide sections with no data (typically) and the yellow moderate text always uses a background instead of being unreadable
CRA dates are processed correctly in templates
Increase CRA report generation timeout to 5 minutes
Document references in reports now use a numbered list, in case you have more than 26.
Updated db deletion script to include latest tables
Editing an answer on a scan now updates the PP and raw values at the same time

Benchmark Changes

Numerous fixes or additions to RHEL 7 and 8 PP. Still not 100%, but it should be better!
Updated IIS 10.0 Site STIG, v2r8.
Updated IIS 10.0 Server STIG, v2r9.
Updated IIS 8.5 Server and Site STIGs, v2r6 and v2r8, respectively.
Updated MS SQL Server 2016 Instance STIG, v2r9.
Updated MS SQL Server 2016 Database STIG, v2r6.
Updated MS Office 365 ProPlus STIG, v2r9. (Covers Office 365, Office 2019, Office 2021 and Microsoft 365)

v2023.06.1 (2023-06-09)

Features

Added paged task API to tRPC and v2 REST API

Fixes

Removed error boundary which caused errors in JS pages to take over the whole page and put in a temporary work around to allow slow Typesense CCIs to still be editable
Reduced memory usage of post-processing by eliminating parallel processing
Upgraded to Node 20
Upgraded other dependencies

Benchmark Changes

Updated Active Directory Domain STIG, v3r3.
Updated ESS ePO 5.x STIG, v2r11 Updated ESS McAfee Agent STIG, v5r8 Updated McAfee ENS 10.x STIG, v2r11
Corrected two FreeBSD commands
Updated Windows Server 2012 DC STIG v3r6.
Updated Windows Server 2012 MS STIG v3r6.
Updated Windows Server 2016 STIG v2r6.
Updated Windows Server 2019 STIG v2r6 and v2r7.
Updated Windows Server 2022 STIG v1r2 and v1r3.

v2023.05.1 (2023-05-23)

Features

Switch to redis appendonly file for more robustness
Users can flag Documents to be included in CCI Rater auto-search or not
Clean typesense search periodically to ensure consistency with disk data
Added ability to copy reports between Clients
Added ability to get enabled features from API
Report Manager reports are now included in Client Export/Import
Added the ability to retag existing Xylok install with the latest Xylok image, allowing for easy recovery if an installation is failing to start

Fixes

Handle when no license is present correctly (ie, no installs)
Corrected systemctl unit file Alias, fixing error discussed in https://bugzilla.redhat.com/show_bug.cgi?id=2123927
Archive formats without document include_in_search info will import correctly
Removed deprecated typing.io import
allow machines to be nullable for trpc
Xylok images have benchmarks embeded inside again
CCI ratings with no review date no longer crash search
CCI rating and scan item bulk editing should correctly handle filters when selecting ‘Select All’ option
No longer error out on license display page if the license is not valid
Report writer row movement works again
No longer display CRA spreadsheet button on CCI rater
CRA no longer needs mitigating factors table to succeed
CRA spreadsheet view no longer overrides PDF
CKL and ACAS import fix, avoid returning duplicate checkCommands from simultaneous imports
Do not fail if using license with issued_to_poc present

Benchmark Changes

RHEL 8 v1r10 updates
- Addeded new PP
- Added -mount to finds that started at ‘/’
- Modified ’ls’ commands to use stat to minimize changes from scan to scan
Updated several Cisco STIGs:
- Cisco ASA FW v1r4
- Cisco ASA NDM v1r4, v1r5
- Cisco IOS XE Router NDM v2r7
- Cisco IOS XE Router RTR v2r7
- Cisco IOS XR Router NDM v2r3
- Cisco IOS XR Router RTR v2r2
- Cisco IOS Router NDM v2r5, v2r6
- Cisco IOS Router RTR v2r4
- Cisco IOS Switch NDM v2r5, v2r6
- Cisco IOS Switch RTR v2r3
- Cisco IOS XE Switch NDM v2r5, v2r6
- Cisco IOS XE Switch RTR v2r3
- Cisco ISE NAC v1r4
- Cisco ISE NDM v1r5
- Cisco NX OS Switch L2S v2r1
- Cisco NX OS Switch NDM v2r5
- Cisco NX OS Switch RTR v2r2
Updated Microsoft Windows 10 STIG v2r6 and v2r7, and marked ready.
RHEL 7: PP updates -mount added to all find commands that started at the top level
Added cmds to Solaris 10 SPARC and x86 STIGs, both v2r4.
Updated cmds for Solaris 11 SPARC and x86 STIGs, both v2r7.
Added questions to network infrastructure policy STIG
Added cmds and PP to Windows Server 2022 STIG v1r1 and marked ready.
RHEL 7 v3r10 updates to commands: RHEL 7 added -mount to all / finds
Updated JRE 8 Windows STIG v2r1 to account for 32-bit JRE installations.
Updated cmds and PP for MS SQL Server 2016 Instance and Database STIGs, v2r8 and v2r5.
Scraped out-of-cycle STIG updates on 18 May 23.
Scraper: Updated benchmark vpn, added version v2r5
Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r6
Scraper: Updated benchmark network_device_management_srg, added version v4r3
Scraper: Updated benchmark ms_windows_server_2022_stig, added version v1r3
Scraper: Updated benchmark windows_server_2019_stig, added version v2r7
Scraper: Updated benchmark microsoft_windows_11_stig, added version v1r4
Scraper: Updated benchmark ms_windows_10_stig, added version v2r7
Scraper: Updated benchmark juniper_router_ndm_stig, added version v2r3
Scraper: Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r5
Scraper: Updated benchmark cisco_ise_ndm_stig, added version v1r5
Scraper: Updated benchmark cisco_ios-xr_router_ndm_stig, added version v2r3
Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r6
Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r7
Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r6
Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r6
Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r5
Scraper: Updated benchmark cisco_asa_vpn_stig, added version v1r2
Scraped DISA and added CUI benchmark updates from Apr 2023.
Scraper: Updated benchmark toss_4_stig, added version v1r2
Scraper: Updated benchmark mcafee_ens_10-x_local_client_stig, added version v1r4
Scraper: Updated benchmark ess_epo_5-3_5-9_stig, added version v2r11
Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r11
Scraper: Updated benchmark joint_regional_security_stack_stig, added version v2r2
Scraper: Updated benchmark ess_mcafee_agent_stig, added version v5r8
Scraper: Updated benchmark ms_windows_server_2022_stig, updated version v1r1
Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_acf2, added version v6r8
Scraper: Updated benchmark microsoft_windows_11_stig, updated version v1r2
Scraper: Updated benchmark windows_server_2016_stig, updated version v2r5
Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r5
Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_racf, added version v6r9
Scraper: Updated benchmark ms_windows_10_stig, updated version v2r5
Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r5
Scraper: Updated benchmark uem_server_srg, added version v1r2
Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_tss, added version v6r9
Scraper: Updated benchmark windows_server_2019_stig, updated version v2r5
Scraper: Updated benchmark sles_15_stig, added version v1r10
Scraper: Updated benchmark sles_12_stig, added version v2r10
Scraper: Updated benchmark rhel_8_stig, added version v1r10
Scraper: Updated benchmark rhel_7_stig, added version v3r11
Scraper: Added benchmark rh_ansible_automation_controller_app_server_stig, added version v1r1
Scraper: Added benchmark rh_ansible_automation_controller_web_server_stig, added version v1r1
Scraper: Updated benchmark rgs_rke2_stig, added version v1r2
Scraper: Updated benchmark oracle_linux_8_stig, added version v1r6
Scraper: Updated benchmark oracle_linux_7_stig, added version v2r11
Scraper: Updated benchmark oracle_database_12c_stig, added version v2r7
Scraper: Updated benchmark network_wlan_ap-ig_platform_stig, added version v7r3
Scraper: Updated benchmark network_wlan_ap-nipr_platform_stig, added version v7r3
Scraper: Updated benchmark network_wlan_bridge_platform_stig, added version v7r2
Scraper: Updated benchmark network_wlan_controller_platform_stig, added version v7r3
Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r5
Scraper: Updated benchmark network_device_management_srg, added version v4r2
Scraper: Updated benchmark ms_windows_server_2022_stig, added version v1r2
Scraper: Updated benchmark windows_server_2019_stig, added version v2r6
Scraper: Updated benchmark windows_server_2016_stig, added version v2r6
Scraper: Updated benchmark windows_2012_ms_stig, added version v3r6
Scraper: Updated benchmark windows_2012_dc_stig, added version v3r6
Scraper: Updated benchmark microsoft_windows_11_stig, added version v1r3
Scraper: Updated benchmark ms_windows_10_stig, added version v2r6
Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r9
Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r6
Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r9
Scraper: Updated benchmark iis_8-5_site_stig, added version v2r8
Scraper: Updated benchmark iis_8-5_server_stig, added version v2r6
Scraper: Updated benchmark iis_10-0_server_stig, added version v2r9
Scraper: Updated benchmark iis_10-0_site_stig, added version v2r8
Scraper: Updated benchmark ie_11_stig, added version v2r4
Scraper: Updated benchmark kubernetes_stig, added version v1r9
Scraper: Updated benchmark juniper_ex_ndm_stig, added version v1r3
Scraper: Updated benchmark juniper_ex_rtr_stig, added version v1r3
Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r11
Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r10
Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r11
Scraper: Updated benchmark ibm_hardware_management_console_policies, added version v2r1
Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r7
Scraper: Updated benchmark cisco_nx-os_switch_rtr_stig, added version v2r2
Scraper: Updated benchmark cisco_nx-os_switch_l2s_stig, added version v2r1
Scraper: Updated benchmark cisco_nx-os_switch_ndm_stig, added version v2r4
Scraper: Updated benchmark cisco_ios-xr_router_rtr_stig, added version v2r2
Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, added version v2r3
Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r5
Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r7
Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r6
Scraper: Updated benchmark cisco_ios_switch_rtr_stig, added version v2r3
Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r5
Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r4
Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r5
Scraper: Updated benchmark cisco_asa_fw_stig, added version v1r4
Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r4
Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r8
Scraper: Updated benchmark can_ubuntu_18-04_stig, added version v2r11
Scraper: Added benchmark apple_macos_13_stig, added version v1r1
Scraper: Updated benchmark apple_macos_12_stig, added version v1r6
Scraper: Added benchmark apple_ios-ipados_16_cobo-cope_stig, added version v1r2
Scraper: Updated benchmark active_directory_domain, added version v3r3

v2023.04.1 (2023-04-05)

Fixes

Viewing a scan item that does not match the current scan item filter no longer causes the display to crash
Corrected links to some xylok-ca.crt and other items from docs

v2023.03.2 (2023-03-31)

Emergency release because we broke scan filtering. Sorry.

Fixes

Scan item filtering working again

v2023.03.1 (2023-03-28)

Major Features

CCI Rater has full integration with Document search utility
- Document search algorithm improvements, copy text/download buttons added to document search results
Added an option to restrict Client access based on User Groups. See docs for more details.
CCI rater now lets a control be marked as “inherited”, which impacts the eMASS TR export and CRA export
- If all CCIs for a control are inherited, the control is also considered inherited
- Inherited CCIs will not appear in eMASS TR export
CCI rater now has a Compare View, which allows CCI ratings to be copied from other clients.

Features

Xylok version number now appears at the top of stack traces
QoL changes in the CCI rater.
Added license-based feature control, allowing us to block off experimental or dangerous features more easily
On license page, include details about enabled features
Started introducing a new version of the API, available in both REST style with new OpenAPI documentation and via tRPC
- This is currently experimental: we are expanding and changing options, migrating is not recommended yet
- If you’d be interested in using tRPC, we could explore exposing the underlying Typescript definitions. Contact us for more information.
- tRPC/v2 API now returns numerical offset info for next/previous/current limit/current offset, rather than links.
Added S6-based CRA report generator (their new ATO report template).
- This is still experimental–we’ll start doing assessments with it in the next month or two and refine from there.
- Currently hidden behind a license lock currently, contact us if you’re interested in this functionality.
Added document paragraphs API. Refined document search for auto-search based on CCI definition.
Client filtering by name__icontains and any tombstone value in API calls.
Allow specifying client ID during uploads, for items which require it (ie, CKLs). This was actually in the last release, but we forgot the note.

Fixes

Prevented machine scripts API downloads from being displayed for all users. Sorry API users! If there are other API calls still doing this, let us know.
Clearing a set answer for a question now works properly
Updated underlying libraries
Fixed some links and formatting within documentation
eMASS TR includes extra columns that appear in a real TR export. It still imported fine, but this fix makes it visually match.
Docker health checks include API server now
In the CCI rater, disabled technical rating when Non-technical rating is Inherited or NA
Small cleanups on CLK import

Benchmark Changes

Updated Windows 11 STIG and marked ready. Added tags to allow Win11 (and Win Server 2022) collection with Xylok OS Baseline. Added Win Server 2022 OS to permit future work.
Removed RHEL5 SCAP-only version that was showing as newer than the actual manual STIG
Added interview questions to all HPE Nimble Storage Array checks
Updated PP and some commands for Adobe Acrobat Pro/Reader DC Classic/Continuous (4 STIGs), all v2r1.
Updated cmds and PP for MS .NET Framework 4 STIG, primarily to improve PP for older Windows OS versions.
Updated cmds and PP for Windows DNS STIG v2r5.
Scraped benchmark updates from DISA on 20 Mar 23.
Scraper: Added benchmark vmw_vsphere_7-0_virtual_machine_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vca_photon_os_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_esxi_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vca_postgresql_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vca_ui_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vca_rhttpproxy_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vca_perfcharts_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vami_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vcenter_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vca_lookup_svc_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vca_sts_stig, added version v1r1
Scraper: Added benchmark vmw_vsphere_7-0_vca_eam_stig, added version v1r1
Scraper: Added benchmark rb_netprofiler_stig, added version v1r1
Scraper: Added benchmark nutanix_aos_5-20-x_application_stig, added version v1r1
Scraper: Added benchmark nutanix_aos_5-20-x_os_stig, added version v1r1
Scraper: Added benchmark arista_mls_eos_4-2x_l2s_stig, added version v1r1
Scraper: Added benchmark arista_mls_eos_4-2x_ndm_stig, added version v1r1
Scraper: Added benchmark arista_mls_eos_4-2x_router_stig, added version v1r1
Scraper: Updated benchmark microsoft_windows_11_stig, updated version v1r2
Scraper: Updated benchmark windows_server_2016_stig, updated version v2r5
Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r5
Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r5
Scraper: Updated benchmark active_directory_domain, updated version v3r2
Scraper: Updated benchmark windows_server_2019_stig, updated version v2r5

v2023.02.1 (2023-02-09)

Features

New CCI rater is in place!
- Should be much faster and smoother
- Given the amount of information displayed, the design works best for 1080p+ screens
- New features are planned for it, including integration with the document search and comparison across clients
CCIs can now be marked as inherited
- Currently this has minimal impact on Xylok–inherited will be treated the same as Compliant
- If all CCIs under a control are inherited, that control will also appear as inherited
- Inheritance overriddes technical non-compliance
- The next step will be to have inheritance impact exports–not having those CCIs appear on TRs, in particular
- Inherited CCIs can be set using the Settings link from the CCI rater
Added API for Controls list
Allow user to change how group claims are mapped to Django

Fixes

Machine, Location, and Client APIs show tombstoned items now
Allow updating machine info without specifying benchmark IDs
Updated Active Directory documentation
Added logging for AD sign in debugging, fixed Azure group claims default argument

Benchmark Changes

Fixed multiple errors in McAfee VirusScan Enterprise 8.8 STIGs related to 32-bit OS’s.
Updated ESS ePO 5.x STIG v2r10, ESS McAfee Agent STIG v5r7, and McAfee ENS 10.x STIG v2r10, and marked all ready.
Updated MS Office 365 ProPlus STIG v2r8, and marked ready.
Updated IIS 10.0 Server STIG v2r8, IIS 8.5 Site STIG v2r7, IIS 8.5 Server STIG v2r5, and marked ready.
Updated Google Chrome STIG v2r8, and marked ready.
Updated Cisco ASA NDM STIG v1r3, Cisco IOS Router RTR STIG v2r3, and Cisco IOS-XE Router RTR STIG v2r6, and marked all ready.
Updated VMWare vSphere 6.7 vCenter STIG v1r3 and marked ready.
Updated Windows 10 STIG v2r5 and marked ready.
Updated IE 11 v2r3, again.
Updated Windows Server 2012 MS and DC STIGs, both v3r5, and marked ready.

Scraped Items

Scraped STIG updates and added 3 CUI updates from Jan 2023.
Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r10
Scraper: Updated benchmark ess_mcafee_agent_stig, added version v5r7
Scraper: Updated benchmark ess_epo_5-3_5-9_stig, added version v2r10
Scraper: Updated benchmark ss_android_os_13_kpe_3-x_cope_stig, added version v1r2
Scraper: Updated benchmark ss_android_os_13_kpe_3-x_cobo_stig, added version v1r2
Scraper: Updated benchmark solaris_11_x86_stig, added version v2r7
Scraper: Updated benchmark solaris_11_sparc_stig, added version v2r7
Scraper: Updated benchmark solaris_10_x86, added version v2r4
Scraper: Updated benchmark solaris_10_sparc_stig, added version v2r4
Scraper: Updated benchmark sles_15_stig, added version v1r9
Scraper: Updated benchmark sles_12_stig, added version v2r9
Scraper: Updated benchmark rhel_8_stig, added version v1r9
Scraper: Updated benchmark rhel_7_stig, added version v3r10
Scraper: Updated benchmark oracle_linux_8_stig, added version v1r5
Scraper: Updated benchmark oracle_linux_7_stig, added version v2r10
Scraper: Updated benchmark oracle_linux_6_stig, added version v2r7
Scraper: Updated benchmark oracle_http_server_12-1-3_stig, added version v2r2
Scraper: Updated benchmark oracle_database_12c_stig, added version v2r6
Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r4
Scraper: Updated benchmark netapp_ontap_dsc_9-x_stig, added version v1r3
Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r8
Scraper: Updated benchmark iis_8-5_server_stig, added version v2r5
Scraper: Updated benchmark iis_8-5_site_stig, added version v2r7
Scraper: Updated benchmark iis_10-0_server_stig, added version v2r8
Scraper: Updated benchmark kubernetes_stig, added version v1r8
Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r10
Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r9
Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r10
Scraper: Updated benchmark general_purpose_operating_system, added version v2r5
Scraper: Updated benchmark google_chrome_current_windows, added version v2r8
Scraper: Updated benchmark google_android_11_cope_stig, added version v2r1
Scraper: Updated benchmark google_android_11_cobo_stig, added version v2r1
Scraper: Updated benchmark google_android_10-x_stig, added version v2r1
Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r6
Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r3
Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r3
Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r7
Scraper: Updated benchmark can_ubuntu_18-04_stig, added version v2r10
Scraper: Updated benchmark apple_os_x_10-15_stig, added version v1r10
Scraper: Updated benchmark apple_macos_12_stig, added version v1r5
Scraper: Updated benchmark apple_macos_11_stig, added version v1r7
Scraper: Updated benchmark apache_server_2-4_windows_server_stig, added version v2r3
Scraper: Updated benchmark apache_server_2-4_unix_server_stig, updated version v2r4
Scraper: Updated benchmark apache_server_2-4_unix_site_stig, added version v2r3

v2023.01.2 (2023-01-07)

Features

Added ability to defined staff and superusers when using AD authentication. See the Xylok Active Directory documentation for more information

Fixes

Hardware spreadsheet production no longer throws an exception

v2023.01.1 (2022-12-23)

Features

API for adding/removing/updating machines now available
All commands are now given default PP that marks the command as needing manual review (if there isn’t other PP)
Health check for docker now checks the proxy status as well

Fixes

Handle ACAS scans missing some data
‘Previous item’ link in scans actually does something
Show loading indicator while scan item values are loading
Small documentation fixes
Fixed a redirect issue in docs. Existing doc links may be broken as a result, so try going to /docs/ and searching from there if needed.
Fixed API yaml tags to be a bit more consistent
During server install, we wait for the background tasks to finish if it’s a clean install (ie, benchmarks are installing)
Excel documents with date cells can be imported correctly into document storage
Fixed issue with downloads not working in all circumstances by fully confirming job metadata by asking redis again
Handle if the benchmark archive in the cache was the empty file

Benchmark Changes

Allow PP tests using client to still work, even if client isn’t available
Added tool to fix deprecated badly escaped strings -> Fixed all badly escaped strings in PP
Updated OS-BL-000007 Powershell command to reduce errors.
Fixed typo in MS Edge STIG, EDGE-00-000001. Thanks, Thomas!
Merged HBSS-titled McAfee Agent and ePO STIGs into ESS-titled STIGs, and marked the ESS versions ‘protected’.
Updated RHEL 8 STIG
Updated Windows Server 2019 STIG v2r5 and marked ready.
Updated Windows Server 2016 STIG v2r5 and marked ready.
Updated Active Directory Domain STIG v3r2 and marked ready.
Updated some cmds and PP for Active Directory Forest STIG.
Updated some cmds and PP for Windows 10 STIG.
Updated some cmds and PP for Windows Server 2016 & 2019 STIGs.
Updated some cmds and PP for Windows 7 STIG.
Updated Splunk Enterprise 8.x for Linux STIG v1r3 and marked ready.
Updated Cisco ASA STIGs and marked ready.
Updated Palo Alto Network STIGs.
Updated Cisco IOS Switch and Router STIGs.
Updated Cisco IOS XE Router and Switch STIGs.
Updated Cisco ISE NDM STIG v1r4 and marked ready.
Updated Mozilla Firefox STIG v6r4 and marked ready.
Updated Microsoft DotNet Framework 4.0 STIG v2r2 and marked ready.
Updated Microsoft Edge STIG v1r6 and marked ready.
Updated Internet Explorer 11 STIG v2r3 and marked ready.
Updated IIS 10.0 Site and Server STIGs, both v2r7, and marked ready.
Updated MS Office 365 ProPlus STIG v2r7 and marked ready.
Updated MS SQL Server 2016 Database (v2r5) and Instance (v2r8) and marked ready.
Updated ESS ePO 5.x STIG v2r9 and marked ready.
Updated ESS McAfee Agent STIG v5r6 and marked ready.
Updated McAfee ENS 10.x v2r9 and marked ready.

Scraped Items

Scraper: Updated benchmark zos_ca_1_tape_management_for_tss_stig, added version v6r10
Scraper: Updated benchmark zos_clsupersession_for_tss_stig, added version v6r12
Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_tss_stig, added version v6r10
Scraper: Updated benchmark zos_cssmtp_for_tss_stig, added version v6r6
Scraper: Updated benchmark zos_netview_for_tss_stig, added version v6r9
Scraper: Updated benchmark zos_roscoe_for_tss_stig, added version v6r8
Scraper: Updated benchmark zos_hcd_for_tss_stig, added version v6r4
Scraper: Updated benchmark zos_bmc_ioa_for_tss_stig, added version v6r8
Scraper: Updated benchmark zos_bmc_control-m_restart_for_tss_stig, added version v6r6
Scraper: Updated benchmark zos_compuware_abend-aid_for_tss, added version v6r7
Scraper: Updated benchmark zos_bmc_mainview_for_zos_for_tss_stig, added version v6r8
Scraper: Updated benchmark zos_ca_mim_for_tss_stig, added version v6r4
Scraper: Updated benchmark zos_ca_vtape_for_tss_stig, added version v6r5
Scraper: Updated benchmark zos_bmc_control-d_for_tss_stig, added version v6r8
Scraper: Updated benchmark zos_srraudit_for_tss_stig, added version v6r5
Scraper: Updated benchmark zos_bmc_control-o_for_tss_stig, added version v6r8
Scraper: Updated benchmark zos_webspheremq_for_tss_stig, added version v6r4
Scraper: Updated benchmark zos_ca_auditor_for_tss_stig, added version v6r4
Scraper: Updated benchmark zos_tadz_for_tss_stig, added version v6r7
Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_tss, added version v6r8
Scraper: Updated benchmark zos_catalog_solutions_for_tss_stig, added version v6r5
Scraper: Updated benchmark zos_bmc_control-m_for_tss_stig, added version v6r10
Scraper: Updated benchmark zos_quest_nc-pass_for_tss_stig, added version v6r3
Scraper: Updated benchmark zos_ca_mics_for_tss_stig, added version v6r5
Scraper: Updated benchmark zos_ibm_health_checker_for_tss, added version v6r3
Scraper: Updated benchmark zos_ca_common_services_for_racf_stig, added version v6r3
Scraper: Updated benchmark zos_ca_mics_for_racf_stig, added version v6r5
Scraper: Updated benchmark zos_quest_nc-pass_for_racf_stig, added version v6r3
Scraper: Updated benchmark zos_vss_for_racf_stig, added version v6r8
Scraper: Updated benchmark zos_bmc_control-m_restart_for_racf_stig, added version v6r6
Scraper: Updated benchmark zos_ca_vtape_for_racf_stig, added version v6r5
Scraper: Updated benchmark zos_ca_1_tape_management_for_racf_stig, added version v6r10
Scraper: Updated benchmark zos_compuware_abend-aid_for_racf, added version v6r7
Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_racf_stig, added version v6r10
Scraper: Updated benchmark zos_webspheremq_for_racf_stig, added version v6r4
Scraper: Updated benchmark zos_tadz_for_racf_stig, added version v6r7
Scraper: Updated benchmark zos_hcd_for_racf_stig, added version v6r4
Scraper: Updated benchmark zos_catalog_solutions_for_racf_stig, added version v6r5
Scraper: Updated benchmark zos_ibm_health_checker_for_racf, added version v6r3
Scraper: Updated benchmark zos_cssmtp_for_racf_stig, added version v6r6
Scraper: Updated benchmark zos_bmc_control-m_for_racf_stig, added version v6r10
Scraper: Updated benchmark zos_clsupersession_for_racf_stig, added version v6r12
Scraper: Updated benchmark zos_bmc_mainview_for_zos_for_racf_stig, added version v6r8
Scraper: Updated benchmark zos_ca_mim_for_racf_stig, added version v6r4
Scraper: Updated benchmark zos_netview_for_racf_stig, added version v6r9
Scraper: Updated benchmark zos_ca_auditor_for_racf_stig, added version v6r4
Scraper: Updated benchmark zos_roscoe_for_racf_stig, added version v6r8
Scraper: Updated benchmark zos_srraudit_for_racf_stig, added version v6r5
Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_racf, added version v6r8
Scraper: Updated benchmark zos_bmc_control-o_for_racf_stig, added version v6r8
Scraper: Updated benchmark zos_bmc_ioa_for_racf_stig, added version v6r8
Scraper: Updated benchmark zos_bmc_control-d_for_racf_stig, added version v6r8
Scraper: Updated benchmark zos_bmc_control-m_for_acf2_stig, added version v6r10
Scraper: Updated benchmark zos_ca_mim_for_acf2_stig, added version v6r4
Scraper: Updated benchmark zos_ibm_health_checker_for_acf2, added version v6r3
Scraper: Updated benchmark zos_cssmtp_for_acf2_stig, added version v6r6
Scraper: Updated benchmark zos_netview_for_acf2_stig, added version v6r9
Scraper: Updated benchmark zos_bmc_mainview_for_zos_for_acf2_stig, added version v6r10
Scraper: Updated benchmark zos_tadz_for_acf2_stig, added version v6r7
Scraper: Updated benchmark zos_webspheremq_for_acf2_stig, added version v6r4
Scraper: Updated benchmark zos_roscoe_for_acf2_stig, added version v6r9
Scraper: Updated benchmark zos_ca_1_tape_management_for_acf2_stig, added version v6r10
Scraper: Updated benchmark zos_clsupersession_for_acf2_stig, added version v6r12
Scraper: Updated benchmark zos_catalog_solutions_for_acf2_stig, updated version v6r4
Scraper: Updated benchmark zos_ca_auditor_for_acf2_stig, added version v6r4
Scraper: Updated benchmark zos_srraudit_for_acf2_stig, added version v6r5
Scraper: Updated benchmark zos_ca_vtape_for_acf2_stig, added version v6r5
Scraper: Updated benchmark zos_bmc_control-d_for_acf2_stig, added version v6r8
Scraper: Updated benchmark zos_quest_nc-pass_for_acf2_stig, added version v6r3
Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, added version v6r11
Scraper: Updated benchmark zos_ca_mics_for_acf2_stig, added version v6r5
Scraper: Updated benchmark zos_compuware_abend-aid_for_acf2, added version v6r7
Scraper: Updated benchmark zos_bmc_control-m_restart_for_acf2_stig, added version v6r6
Scraper: Updated benchmark zos_ibm_cics_transaction_server_for_acf2, added version v6r7
Scraper: Updated benchmark zos_bmc_control-o_for_acf2_stig, added version v6r8
Scraper: Updated benchmark zos_hcd_for_acf2_stig, added version v6r4
Scraper: Updated benchmark zos_bmc_ioa_for_acf2_stig, added version v6r8
Scraper: Added benchmark tanium_7-x_os_tanos_stig, added version v1r1
Scraper: Added benchmark tanium_7-x_application_tanos_stig, added version v1r1
Scraper: Added benchmark ss_android_os_13_kpe_3-x_cope_stig, added version v1r1
Scraper: Added benchmark ss_android_os_13_kpe_3-x_cobo_stig, added version v1r1
Scraper: Updated benchmark marklogic_server_v9_stig, updated version v2r1
Scraper: Updated benchmark mot_solutions_android_11_cobo_stig, updated version v1r2
Scraper: Updated benchmark cisco_ise_ndm_stig, updated version v1r4
Scraper: Updated benchmark cisco_ise_nac_stig, updated version v1r4
Scraper: Updated benchmark oracle_linux_8_stig, updated version v1r4
Scraper: Updated benchmark ms_office_365_proplus_stig, updated version v2r7
Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, updated version v2r5
Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, updated version v2r5
Scraper: Updated benchmark apple_macos_12_stig, updated version v1r4
Scraper: Updated benchmark moz_firefox_stig, updated version v6r4
Scraper: Updated benchmark juniper_srx_sg_vpn_stig, updated version v2r2
Scraper: Updated benchmark oracle_linux_7_stig, updated version v2r9
Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, updated version v2r3
Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, updated version v2r2
Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, updated version v2r4
Scraper: Updated benchmark ie_11_stig, updated version v2r3
Scraper: Updated benchmark solaris_10_x86, updated version v2r3
Scraper: Updated benchmark sles_15_stig, updated version v1r8
Scraper: Updated benchmark ms_dot_net_framework, updated version v2r2
Scraper: Updated benchmark ms_edge_stig, updated version v1r6
Scraper: Updated benchmark iis_10-0_server_stig, updated version v2r7
Scraper: Updated benchmark iis_10-0_site_stig, updated version v2r7
Scraper: Updated benchmark kubernetes_stig, updated version v1r7
Scraper: Updated benchmark application_security_development_stig, updated version v5r2
Scraper: Updated benchmark network_infrastructure_policy_stig, updated version v10r3
Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, updated version v1r6
Scraper: Updated benchmark juniper_router_ndm_stig, updated version v2r2
Scraper: Updated benchmark active_directory_domain, updated version v3r1
Scraper: Updated benchmark application_server_srg, updated version v3r3
Scraper: Updated benchmark redis_enterprise_6-x_stig, updated version v1r2
Scraper: Updated benchmark ca_idms_stig, updated version v1r2
Scraper: Updated benchmark web_server_srg, added version v3r1
Scraper: Updated benchmark ibm_zvm_ca_vmsecure_stig, updated version v2r2
Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r4
Scraper: Updated benchmark network_wlan_ap-nipr_platform_stig, updated version v7r2
Scraper: Updated benchmark ms_sql_server_2014_instance_stig, updated version v2r3
Scraper: Updated benchmark ibm_zos_racf_stig, updated version v8r8
Scraper: Updated benchmark ibm_zos_tss_stig, updated version v8r7
Scraper: Updated benchmark ibm_zos_acf2_stig, updated version v8r8
Scraper: Updated benchmark mainframe_product_srg, updated version v2r1
Scraper: Updated benchmark sles_12_stig, updated version v2r8
Scraper: Updated benchmark cisco_asa_ndm_stig, updated version v1r2
Scraper: Updated benchmark cisco_asa_fw_stig, updated version v1r3
Scraper: Updated benchmark firewall_srg, updated version v2r3
Scraper: Updated benchmark ms_windows_10_stig, updated version v2r4
Scraper: Updated benchmark windows_server_2016_stig, updated version v2r4
Scraper: Updated benchmark windows_server_2019_stig, updated version v2r4
Scraper: Updated benchmark cisco_ios_router_rtr_stig, updated version v2r2
Scraper: Updated benchmark solaris_10_sparc_stig, updated version v2r3
Scraper: Updated benchmark rhel_7_stig, updated version v3r9
Scraper: Updated benchmark ms_sql_server_2016_instance_stig, updated version v2r8
Scraper: Updated benchmark ms_sql_server_2016_database_stig, updated version v2r5
Scraper: Updated benchmark ibm_aspera_platform_4-2_stig, updated version v1r2
Scraper: Updated benchmark palo_alto_networks_idps_stig, updated version v2r3
Scraper: Updated benchmark palo_alto_networks_ndm_stig, updated version v2r2
Scraper: Updated benchmark palo_alto_networks_alg_stig, updated version v2r3
Scraper: Updated benchmark central_log_server_srg, updated version v2r2
Scraper: Updated benchmark cisco_ios_switch_l2s_stig, updated version v2r3
Scraper: Updated benchmark cisco_ios_switch_rtr_stig, updated version v2r2
Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r4
Scraper: Updated benchmark oracle_mysql_8.0_stig, updated version v1r3
Scraper: Updated benchmark ibm_websphere_liberty_server_stig, updated version v1r2
Scraper: Updated benchmark google_chrome_current_windows, updated version v2r7
Scraper: Updated benchmark rhel_8_stig, updated version v1r8
Scraper: Updated benchmark mongodb_enterprise_advanced_4-x_stig, updated version v1r2
Scraper: Updated benchmark microsoft_windows_11_stig, updated version v1r1
Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, updated version v1r3
Scraper: Updated benchmark fn_fortigate_firewall_stig, updated version v1r3
Scraper: Added benchmark rgs_rke2_stig, added version v1r1
Scraper: Updated benchmark windows_server_2019_stig, added version v2r5
Scraper: Updated benchmark windows_server_2016_stig, added version v2r5
Scraper: Updated benchmark windows_2012_ms_stig, added version v3r5
Scraper: Updated benchmark windows_2012_dc_stig, added version v3r5
Scraper: Updated benchmark microsoft_windows_11_stig, added version v1r2
Scraper: Updated benchmark ms_windows_10_stig, added version v2r5
Scraper: Added benchmark ms_azure_sql_db_stig, added version v1r1
Scraper: Added benchmark ms_android_11_cobo_stig, added version v1r1
Scraper: Added benchmark ms_android_11_cope_stig, added version v1r1
Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r8
Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r9
Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r9
Scraper: Added benchmark hpe_3par_ssmc_ws_stig, added version v1r1
Scraper: Added benchmark hpe_3par_storeserv_3.3.x_stig, added version v1r1
Scraper: Added benchmark hpe_3par_ssmc_gpos_stig, added version v1r1
Scraper: Added benchmark google_android_13_cobo_stig, added version v1r1
Scraper: Added benchmark google_android_13_cope_stig, added version v1r1
Scraper: Updated benchmark cloud_computing_mission_owner_srg, updated version v1r0.1
Scraper: Added benchmark bems_3-x_stig, added version v1r1
Scraper: Updated benchmark active_directory_domain, added version v3r2
Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r9
Scraper: Updated benchmark mcafee_ens_10-x_local_client_stig, added version v1r3
Scraper: Added benchmark ess_mcafee_agent_stig, added version v5r6
Scraper: Added benchmark ess_epo_5-3_5-9_stig, added version v2r9
Scraper: Updated benchmark zebra_android_11_cobo_stig, added version v1r2
Scraper: Updated benchmark zebra_android_10_cobo_stig, added version v1r2
Scraper: Updated benchmark zebra_android_10_cope_stig, added version v1r2
Scraper: Updated benchmark web_server_srg, added version v2r4
Scraper: Updated benchmark vmw_vsphere_6-7_vcenter_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r5
Scraper: Updated benchmark vmware_nsx-t_distributed_fw_stig, added version v1r2
Scraper: Updated benchmark vmw_nsx-t_t-0_rtr_stig, added version v1r2
Scraper: Updated benchmark vmw_nsx-t_t1_gateway_fw_stig, added version v1r2
Scraper: Updated benchmark vmw_nsx-t_t-0_gateway_fw_stig, added version v1r2
Scraper: Updated benchmark vmw_nsx-t_manager_ndm_stig, added version v1r2
Scraper: Updated benchmark traditional_security_checklist, added version v2r3
Scraper: Updated benchmark tanium_7-x_stig, added version v1r2
Scraper: Updated benchmark cisco_ise_ndm_stig, updated version v1r3
Scraper: Updated benchmark cisco_ise_nac_stig, updated version v1r3
Scraper: Updated benchmark iis_10-0_site_stig, updated version v2r6
Scraper: Updated benchmark iis_10-0_server_stig, updated version v2r6
Scraper: Updated benchmark central_log_server_srg, updated version v2r1
Scraper: Updated benchmark apple_ios_12_stig, updated version v1r2
Scraper: Updated benchmark ibm_zvm_ca_vmsecure_stig, updated version v2r1
Scraper: Updated benchmark ms_sql_server_2016_instance_stig, updated version v2r7
Scraper: Updated benchmark ms_sql_server_2016_database_stig, updated version v2r4
Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, updated version v2r4
Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, updated version v2r4
Scraper: Updated benchmark google_chrome_current_windows, updated version v2r6
Scraper: Updated benchmark kubernetes_stig, updated version v1r6
Scraper: Updated benchmark sles_15_stig, updated version v1r7
Scraper: Updated benchmark solaris_10_sparc_stig, updated version v2r2
Scraper: Updated benchmark marklogic_server_v9_stig, updated version v1r1
Scraper: Updated benchmark mot_solutions_android_11_cobo_stig, updated version v1r1
Scraper: Updated benchmark rhel_8_stig, updated version v1r7
Scraper: Updated benchmark mainframe_product_srg, updated version v1r4
Scraper: Updated benchmark ca_idms_stig, updated version v1r1
Scraper: Updated benchmark cisco_ios_switch_l2s_stig, updated version v2r2
Scraper: Updated benchmark cisco_ios_switch_rtr_stig, updated version v2r1
Scraper: Updated benchmark sles_12_stig, updated version v2r7
Scraper: Updated benchmark rhel_7_stig, updated version v3r8
Scraper: Updated benchmark ms_sql_server_2014_instance_stig, updated version v2r2
Scraper: Updated benchmark application_server_srg, updated version v3r2
Scraper: Updated benchmark firewall_srg, updated version v2r2
Scraper: Updated benchmark cisco_ios_router_rtr_stig, updated version v2r1
Scraper: Updated benchmark juniper_srx_sg_vpn_stig, updated version v2r1
Scraper: Updated benchmark application_security_development_stig, updated version v5r1
Scraper: Updated benchmark mongodb_enterprise_advanced_4-x_stig, updated version v1r1
Scraper: Updated benchmark google_android_9-x_stig, updated version v1r1
Scraper: Updated benchmark ms_edge_stig, updated version v1r5
Scraper: Updated benchmark oracle_linux_8_stig, updated version v1r3
Scraper: Updated benchmark apple_macos_12_stig, updated version v1r3
Scraper: Updated benchmark palo_alto_networks_alg_stig, updated version v2r2
Scraper: Updated benchmark palo_alto_networks_ndm_stig, updated version v2r1
Scraper: Updated benchmark palo_alto_networks_idps_stig, updated version v2r2
Scraper: Updated benchmark oracle_mysql_8.0_stig, updated version v1r2
Scraper: Updated benchmark ibm_zos_racf_stig, updated version v8r7
Scraper: Updated benchmark ibm_zos_tss_stig, updated version v8r6
Scraper: Updated benchmark ibm_zos_acf2_stig, updated version v8r7
Scraper: Updated benchmark ms_dot_net_framework, updated version v2r1
Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, updated version v1r2
Scraper: Updated benchmark fn_fortigate_firewall_stig, updated version v1r2
Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, updated version v2r2
Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, updated version v2r3
Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, updated version v2r1
Scraper: Updated benchmark ms_office_365_proplus_stig, updated version v2r6
Scraper: Updated benchmark moz_firefox_stig, updated version v6r3
Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, updated version v1r5
Scraper: Updated benchmark juniper_router_ndm_stig, updated version v2r1
Scraper: Updated benchmark solaris_10_x86, updated version v2r2
Scraper: Updated benchmark mot_android_9-x_cope_stig, updated version v1r1
Scraper: Updated benchmark mot_android_9-x_cobo_stig, updated version v1r1
Scraper: Updated benchmark redis_enterprise_6-x_stig, updated version v1r1
Scraper: Updated benchmark apple_ios_ipados_14_stig, updated version v1r2
Scraper: Updated benchmark oracle_linux_7_stig, updated version v2r8
Scraper: Updated benchmark cisco_asa_fw_stig, updated version v1r2
Scraper: Updated benchmark cisco_asa_ndm_stig, updated version v1r1
Scraper: Updated benchmark ibm_websphere_liberty_server_stig, updated version v1r1
Scraper: Added benchmark spec_innovations_innoslate_4.x_stig, added version v1r1
Scraper: Updated benchmark solaris_10_x86, added version v2r3
Scraper: Updated benchmark solaris_10_sparc_stig, added version v2r3
Scraper: Updated benchmark sles_15_stig, added version v1r8
Scraper: Updated benchmark sles_12_stig, added version v2r8
Scraper: Updated benchmark rhel_8_stig, added version v1r8
Scraper: Updated benchmark rhel_8_stig, updated version v1r7
Scraper: Updated benchmark rhel_7_stig, added version v3r9
Scraper: Updated benchmark rancher_mcm_stig, added version v1r2
Scraper: Updated benchmark redis_enterprise_6-x_stig, added version v1r2
Scraper: Updated benchmark palo_alto_networks_idps_stig, added version v2r3
Scraper: Updated benchmark palo_alto_networks_ndm_stig, added version v2r2
Scraper: Updated benchmark palo_alto_networks_alg_stig, added version v2r3
Scraper: Updated benchmark pan_prisma_cloud_compute_stig, added version v1r2
Scraper: Updated benchmark oracle_mysql_8.0_stig, added version v1r3
Scraper: Updated benchmark oracle_linux_8_stig, added version v1r4
Scraper: Updated benchmark oracle_linux_7_stig, added version v2r9
Scraper: Added benchmark ms_windows_server_2022_stig, added version v1r1
Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r8
Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r5
Scraper: Updated benchmark ms_sql_server_2014_instance_stig, added version v2r3
Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r7
Scraper: Updated benchmark iis_10-0_server_stig, added version v2r7
Scraper: Updated benchmark iis_10-0_site_stig, added version v2r7
Scraper: Updated benchmark ie_11_stig, added version v2r3
Scraper: Updated benchmark ms_edge_stig, added version v1r6
Scraper: Updated benchmark ms_dot_net_framework, added version v2r2
Scraper: Updated benchmark moz_firefox_stig, added version v6r4
Scraper: Updated benchmark mot_solutions_android_11_cobo_stig, added version v1r2
Scraper: Updated benchmark mot_android_9-x_cope_stig, added version v1r2
Scraper: Updated benchmark mot_android_9-x_cobo_stig, added version v1r2
Scraper: Updated benchmark mongodb_enterprise_advanced_4-x_stig, added version v1r2
Scraper: Updated benchmark marklogic_server_v9_stig, added version v2r1
Scraper: Updated benchmark mainframe_product_srg, added version v2r1
Scraper: Updated benchmark kubernetes_stig, added version v1r7
Scraper: Updated benchmark juniper_srx_sg_vpn_stig, added version v2r2
Scraper: Updated benchmark juniper_router_ndm_stig, added version v2r2
Scraper: Updated benchmark juniper_ex_ndm_stig, added version v1r2
Scraper: Updated benchmark juniper_ex_rtr_stig, added version v1r2
Scraper: Updated benchmark juniper_ex_l2s_stig, added version v1r2
Scraper: Updated benchmark ibm_zvm_ca_vmsecure_stig, added version v2r2
Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r8
Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r7
Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r8
Scraper: Updated benchmark ibm_websphere_liberty_server_stig, added version v1r2
Scraper: Updated benchmark google_chrome_current_windows, added version v2r7
Scraper: Updated benchmark google_android_9-x_stig, added version v2r1
Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, added version v1r3
Scraper: Updated benchmark fn_fortigate_firewall_stig, added version v1r3
Scraper: Updated benchmark firewall_srg, added version v2r3
Scraper: Updated benchmark cisco_ise_ndm_stig, added version v1r4
Scraper: Updated benchmark cisco_ise_nac_stig, added version v1r4
Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r5
Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r5
Scraper: Updated benchmark cisco_ios_xe_switch_l2s_stig, added version v2r3
Scraper: Updated benchmark cisco_ios_xe_switch_rtr_stig, added version v2r2
Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r4
Scraper: Updated benchmark cisco_ios_switch_l2s_stig, added version v2r3
Scraper: Updated benchmark cisco_ios_switch_rtr_stig, added version v2r2
Scraper: Updated benchmark cisco_ios_router_rtr_stig, added version v2r2
Scraper: Updated benchmark cisco_asa_ndm_stig, added version v1r2
Scraper: Updated benchmark cisco_asa_fw_stig, added version v1r3
Scraper: Updated benchmark central_log_server_srg, added version v2r2
Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r6
Scraper: Added benchmark can_ubuntu_18-04_stig, added version v2r9
Scraper: Updated benchmark ca_idms_stig, added version v1r2
Scraper: Updated benchmark application_security_development_stig, added version v5r2
Scraper: Updated benchmark application_server_srg, added version v3r3
Scraper: Updated benchmark apple_macos_12_stig, added version v1r4
Scraper: Added benchmark apple_ios-ipados_16_stig, added version v1r1
Scraper: Updated benchmark apple_ios_ipados_14_stig, added version v1r3
Scraper: Updated benchmark apple_ios_12_stig, added version v2r1

v2022.10.1 (2022-10-17)

Major Features

Xylok now offers documentation storage and searching for your RMF artifacts (SSPs, SAGs, diagrams, HW/SW lists, etc)
- Excel docs, Word docs, and PDFs can be directly uploaded within Xylok. They will be associated with the currently selected client
- Xylok then allows the user to search across all those documents
- On the backend, search is powered by Typesense, an open-source text search database. Unfortunately, the binary for that is currently huge, so Xylok’s installer size has greatly increased in this release. We’ll see if there’s a way to bring that size down to under CD-size again, but didn’t want to delay the release.
Xylok’s user documentation is now built directly into Xylok
- See user menu -> Documentation
- Not currently searchable, although we might be able to utilize Typesense to add that in the future.

Features

When producing CKLs for an entire client you can select how the host name will export. When exporting individual scan CKLs, the most recently used export setting will be used.
eMASS TR exports now include a note about the last reviewed/updated date
Added/changed SAR control review sheet to include more of the calculation details
Display rule ID, vuln ID, and group title when viewing check details, plus allow searching by those items
Upgraded to Django 4.1
Upgraded to SolidJS 1.5
Upgraded to Alpine 3.10
Maximum characters per cell increased in output spreadsheets and applied correct line limits, per Microsoft’s documentation
Benchmarks will be imported in the background, rather than during install

Fixes

Documented scan APIs
Cleared up useless deprecation warning-causing import
Moved entirely to PDM with the virtual env in the actual core project
If a machine’s PPS data is corrupted, still allow PPSM generation for other devices

Benchmark Changes

Tomcat 9 commands and post processing
Updated IIS 10.0 Server and Site STIGs with July 2022 updates.
Updated IIS 8.5 Server and Site STIGs with Jul 22 updates.
Updated MS Office 365 ProPlus STIG v2r6 and marked ready.
Updated IE 11 STIG v2r2 and marked ready.
Added commands for Mozilla Firefox STIG v6r3 and marked ready.
Added XP support to McAfee 8.8 local client by allowing all Win 7 commands to run on XP
Added XP support to JRE8 batch commands
Added interviews to Windows XP checks.
Added interview questions to McAfee Application Control 8.x STIG v2r1.
Marked Cisco ISE NDM v1r3 ready.
Cisco ISE NDM v1r3 pp work.
Added command and interview cmds to Cisco ISE NAC STIG v1r3 and marked ready.
Marked Cisco ASA IPS STIG v1r1 ready.
Added interview cmds to Cisco ASA IPS STIG v1r1.
Updated Cisco IOS XE Switch NDM STIG v2r3 and marked ready.
Updated Cisco IOS XE Router NDM STIG v2r4 and marked ready.
Updated Cisco IOS Switch NDM STIG v2r4 and marked ready.
Updated MS Edge STIG v1r5 and marked ready.
Added interview questions for application_security_development_stig
Added interview questions for firewall_srg
Added interview questions for dns_srg
Added interview questions for idsp_srg
Added interview questions for network_device_management_srg
Added interview questions to router SRG
Added ‘all’ oses tag
Minor fixes in RHEL6 PP, added tests for uefi vs bios, better banner check
Added another child regex to CiscoIOS networkparser (password-policy)

v2022.08.25 (2022-08-25)

Features

Scan analysis is now fully JS-driven, which should make it faster and prevent losing search filters during navigation
Added a Control Groups filter in the CCI Rater
Added ability to copy comments from a CCI Rating to multiple CCI Ratings in the CCI Rater
Groups of CCI Ratings can be updated at once using Group CCI Rater
Xylok import selections allow for specific rating types to be selected
Updated API Documentation to include new POST methods to edit multiple rater/scan items simultaneously

Fixes

Fixed a bug which was causing the SAR reports to not use the latest ratings
Collection scripts no longer include (blank) sections for runners which don’t actually have any commands. This shouldn’t have any execution effect other than not confusingly saying the script is starting the network runner when you’re on an RHEL box

Benchmark Changes

RHEL-6 checks: copied 62-2 command and pp into 62-3. Fixed issue on 55
Scraper: Updated benchmark vvoip_technical, added version v3r15
Scraper: Updated benchmark voice_video_session_management, added version v2r2
Scraper: Updated benchmark vvoip_stig_policy, added version v3r18
Scraper: Updated benchmark voice_video_endpoint, added version v2r2
Scraper: Updated benchmark vtc_policy, added version v1r12
Scraper: Added benchmark tanium_7-x_stig, added version v1r1
Scraper: Updated benchmark samsung_android_os_9_knox_3-x_cope_kpe_legacy_stig, added version v1r5
Scraper: Updated benchmark samsung_os_9_knox_3-x_cobo_kpe_ae_stig, added version v1r4
Scraper: Updated benchmark samsung_android_os_9_knox_3-x_cobo_kpe_legacy_stig, added version v1r5
Scraper: Updated benchmark samsung_os_9_knox_3-x_cope_kpe_ae_stig, added version v1r4
Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_racf_stig, added version v6r9
Scraper: Updated benchmark ss_android_12_kpe_3-x_cope_stig, added version v1r2
Scraper: Updated benchmark ss_android_12_kpe_3-x_cobo_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_eam_tomcat_stig, added version v1r3
Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r4
Scraper: Added benchmark toss_4_stig, added version v1r1
Scraper: Updated benchmark ibm_aspera_platform_4-2_stig, updated version v1r1
Scraper: Updated benchmark tm_tippingpoint_idps_stig, added version v1r2
Scraper: Updated benchmark samsung_sds_emm_stig, added version v1r3
Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, added version v6r10
Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_tss_stig, added version v6r9
Scraper: Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v1r3
Scraper: Updated benchmark sles_15_stig, added version v1r7
Scraper: Updated benchmark sles_12_stig, added version v2r7
Scraper: Updated benchmark rhel_8_stig, updated version v1r7
Scraper: Updated benchmark rhel_8_stig, added version v1r7
Scraper: Updated benchmark rhel_7_stig, added version v3r8
Scraper: Updated benchmark postgresql_9-x_stig, added version v2r3
Scraper: Added benchmark pan_prisma_cloud_compute_stig, added version v1r1
Scraper: Updated benchmark oracle_linux_8_stig, added version v1r3
Scraper: Updated benchmark oracle_linux_7_stig, added version v2r8
Scraper: Updated benchmark oracle_database_12c_stig, added version v2r5
Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r3
Scraper: Updated benchmark netapp_ontap_dsc_9-x_stig, added version v1r2
Scraper: Added benchmark microsoft_windows_11_stig, added version v1r1
Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r6
Scraper: Updated benchmark iis_8-5_server_stig, added version v2r4
Scraper: Updated benchmark iis_8-5_site_stig, added version v2r6
Scraper: Updated benchmark iis_10-0_site_stig, added version v2r6
Scraper: Updated benchmark iis_10-0_server_stig, added version v2r6
Scraper: Updated benchmark ie_11_stig, added version v2r2
Scraper: Updated benchmark ms_exchange_2016_edge_transport_server_stig, added version v2r4
Scraper: Updated benchmark ms_edge_stig, added version v1r5
Scraper: Updated benchmark moz_firefox_stig, added version v6r3
Scraper: Added benchmark mariadb_enterprise_10-x_stig, added version v1r2
Scraper: Updated benchmark kubernetes_stig, added version v1r6
Scraper: Updated benchmark juniper_router_rtr_stig, added version v2r4
Scraper: Added benchmark juniper_ex_l2s_stig, added version v1r1
Scraper: Added benchmark juniper_ex_rtr_stig, added version v1r1
Scraper: Added benchmark juniper_ex_ndm_stig, added version v1r1
Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r7
Scraper: Updated benchmark ibm_aspera_platform_4-2_stig, added version v1r2
Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r6
Scraper: Updated benchmark general_purpose_operating_system, added version v2r4
Scraper: Updated benchmark fn_fortigate_firewall_stig, added version v1r2
Scraper: Updated benchmark fn_fortigate_firewall_ndm_stig, added version v1r2
Scraper: Updated benchmark edb_postgres_advanced_server_stig, added version v2r2
Scraper: Updated benchmark edb_postgres_advanced_server_v11_on_windows_stig, added version v2r2
Scraper: Updated benchmark database_generic, added version v3r3
Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, added version v2r4
Scraper: Updated benchmark cisco_ios_xe_switch_ndm_stig, added version v2r3
Scraper: Updated benchmark cisco_ios_switch_ndm_stig, added version v2r4
Scraper: Updated benchmark cisco_ios_router_ndm_stig, added version v2r4
Scraper: Updated benchmark crunchy_data_postgresql_stig, added version v2r1
Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r5
Scraper: Updated benchmark u_can_ubuntu_18-04_stig, added version v2r8
Scraper: Updated benchmark avepoint_docave_6_stig, added version v1r2
Scraper: Added benchmark avepoint_docave_6_stig, added version v1r1
Scraper: Updated benchmark apple_os_x_10-15_stig, added version v1r9
Scraper: Updated benchmark apple_macos_12_stig, added version v1r3
Scraper: Updated benchmark apple_ios-ipados_15_stig, added version v1r3

v2022.07.1 (2022-07-21)

Features

Importing Xylok Archives will now allow for selecting which components (clients, scans, ratings, etc) to import
Xylok will now generate a certificate with a subject alternate name, rather than only a common name. This SAN can be controlled via the XYLOK_HOST setting, see https://support.xylok.io/kb/en/article/https-and-ssl-certificates for more details

Fixes

Importing network files now correctly displays the error message if they are missing a command
Client dashboard bug fix
Rater modals load correct data again
Importing ratings no longer wipes ratings for other clients
Added is_current to more rating tables in export
Sw list and pps information now get stored correctly as lists in database
Fixed issue with importing POA&M entries from archive
Automatically correct configuration if not DB password is set

Benchmark Changes

Removed show config command with an HPCom OS in Network L2 Switch.
RHEL 6 fixes:
- Removed smart quotes from command in RHEL 6, added pp for latest version
- Check correctly marks NA when IPv6 is disabled
Updated several Windows 10 checks to resolve module import error.
Fixed PP for older windows software collection
Updated Windows 7 - WINUR-000032 PP to correct false positive condition.
Scraper: Added benchmark mcafee_ens_10-x_local_client_stig, added version v1r1

v2022.06.2 (2022-06-27)

Major Features

Xylok manager works with Podman 4.x now

Features

Scans can now have individual benchmarks removed. Option is under the Scan Options menu when analyzing a scan. Closes #312
Rater tables now hide certain columns on smaller screens
CCI, POAM, RTM managers have multi-edit functionality
All Raters that use a ‘reviewed’ column can now mark items as ‘reviewed’ in bulk
Benchmark reference now says if a benchmark isn’t covered by the user’s license
Benchmarks show if the benchmark is licensed in the metadata section of the reference

Fixes

Scan Details page now correctly handles marking all items when filtered
Commands are always sorted in check analysis, letting them be stable regardless of edits
Removed unused check edit page, corrected edit links from machine/location/client findings listings
‘Use scan as AA baseline’ is working properly again.
Scan detail progress bar bug

Benchmark Changes

Added PAN-OS commands and PAN-OS to OS list
Added device model tracking for Cisco IOS
Added show vtp command to Cisco L2S benchmark
Made Win 10 software list correctly be marked as N/A again
Fixed IE8 DTBI765 command.
Updated Windows Server 2016 and 2019, both v2r4.
Updated Windows PAW v2r2.
Updated Windows 2012 DNS v2r5.
Updated Windows Server 2012 DC & MS, both v3r4.
Updated Windows 10 v2r4.
Updated MS Defender v2r4.
Updated McAfee ENS 10.x v2r7.
Updated HBSS ePO 5.x v2r7.
Marked Cisco IOS XE Router RTR v2r4 ready.
Updated Cisco ASA FW v1r2.
Updated Splunk 8 v1r2.
Updated MS SQL Server 2016 Database and Instance, v2r4 and v2r7, respectively.
Updated Mozilla Firefox v6r2.
Scraper: Updated benchmark mcafee_ens_10-x_stig, added version v2r7
Scraper: Updated benchmark hbss_epo_5-3_5-9_stig, added version v2r7
Scraper: Updated benchmark windows_server_2019_stig, added version v2r4
Scraper: Updated benchmark windows_server_2016_stig, added version v2r4
Scraper: Updated benchmark windows_paw_stig, added version v2r2
Scraper: Updated benchmark microsoft_windows_2012_server_domain_name_system_stig, added version v2r5
Scraper: Updated benchmark windows_2012_ms_stig, added version v3r4
Scraper: Updated benchmark windows_2012_dc_stig, added version v3r4
Scraper: Added benchmark ms_windows_10_stig, added version v2r4
Scraper: Added benchmark ms_defender_antivirus, added version v2r4

v2022.06.1 (2022-05-31)

Major Features

Automated software list and benchmark recommendations:
- Xylok processes the software lists collected by the Xylok OS Baseline benchmark (automatically run on most scans) during post-processing. Software and versions are added to the machine and are now visible under the “Software” link in the machine details.
- The software list page will recommend benchmarks where possible and offer a single-click Add option.
- Benchmarks that should currently be automatically recommended are listed below. We’re working on adding more–please let us know if you have any requests or issues!
  - adobe_acrobat_pro_dc_classic_stig
  - adobe_acrobat_pro_dc_continuous_stig
  - adobe_acrobat_pro_dc_stig
  - adobe_acrobat_reader_dc_classic_track_stig
  - google_chrome_current_windows
  - google_search_applicance_stig
  - jre_7_unix_stig
  - jre_8_and_unix_stig
  - jre_8_and_windows_stig
  - mcafee_virusscan88_managed_client
  - microsoft_onedrive_for_business_2016
  - microsoft_sql_server_2012_database_instance_security_technical_implementation_guide
  - moz_firefox_stig
  - ms_office_365_proplus_stig
  - ms_sql_server_2014_database_stig
  - ms_sql_server_2014_instance_stig
  - ms_sql_server_2016_database_stig
  - ms_sql_server_2016_instance_stig
  - ms_sql_server_database_2012
  - ms_sql_server_installation_2012
  - ms_sql_server_instance_2012
  - splunk_enterprise_7-x_for_windows_stig
- Archive format now supports importing and exporting matching software version information
- Regardless of recomendations, the installed software list will appear as an additional column on the hardware spreadsheet. We’re looking into improving this format to more closely reflect how most AF/SF organization represent their HW/SW lists. If you have examples from your organization, we’d gladly use them to inform our approach.
ISOs and Zip archives of scripts
- In addition to ISOs for locations, locations can now produce a Zip-compressed archive of all machine scripts under them
- Downloading scripts for the entire client is now possible
- Breaking change: Script ISOs/archives are now built with descending directories for locations, rather than being flat at the location level. Location directories are prefixed with “__” to help distinguish them from machines in file listings. Previously all machines under a location were listed in a flat structure, regardless of child locations

Features

Upgraded to Postgres 13 and Debian Bullseye
Added rater row fetches to the API Documentation. Note that they’re all marked as internal use, so the format may be changed in the future.
Permission Errors now show a less ambiguous message
Upgraded blank setup database with latest migrations
Documentation fully moved from internal docs to external site (https://support.xylok.io)
Updated documentation regarding archive format
Limited nginx to TLS 1.2 and 1.3

Fixes

Checklist exports with CUI STIGs (HBSS is the most common example) can now be correctly imported into STIG Viewer. The latest version of STIG Viewer threw an error when a STIG had an ‘FOUO’ classification.
Restore script uses correct internal path for restoring file
Fixed issues with navigating using browser’s forward/back that did not return complete pages.
Fixed nav bar issues when navigating through history on some pages
Raters were not correctly excluding old data during filter and duplicate current rows in raters
“Add Group” bug fixed
Corrected losing the search filter when using the ’re-run pp’ button

Benchmark Changes

Updated MS Outlook 2016 v2r3.
Updated MS Office 365 ProPlus v2r5.
Updated Google Chrome v2r6.
RHEL 8 updates
Added commands and PP to Cisco ASA NDM v1r1.
Updated PP on Cisco NX-OS Switch RTR v2r1.
Scraper: Updated benchmark traditional_security_checklist, added version v2r2
Scraper: Added benchmark zebra_android_11_cobo_stig, added version v1r1
Scraper: Updated benchmark zos_roscoe_for_acf2_stig, added version v6r8
Scraper: Updated benchmark zos_bmc_mainview_for_zos_for_acf2_stig, added version v6r9
Scraper: Updated benchmark zos_ibm_system_display_and_search_facility_for_acf2_stig, added version v6r9
Scraper: Updated benchmark zos_ca_vtape_for_acf2_stig, updated version v6r4
Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r3
Scraper: Updated benchmark zos_ca_vtape_for_racf_stig, updated version v6r4
Scraper: Added benchmark ss_android_12_kpe_3-x_cobo_stig, added version v1r1
Scraper: Added benchmark ss_android_12_kpe_3-x_cope_stig, added version v1r1
Scraper: Updated benchmark zos_ca_vtape_for_tss_stig, updated version v6r4
Scraper: Added benchmark vmw_nsx-t_manager_ndm_stig, added version v1r1
Scraper: Added benchmark vmw_nsx-t_t1_gateway_fw_stig, added version v1r1
Scraper: Added benchmark vmware_nsx-t_distributed_fw_stig, added version v1r1
Scraper: Added benchmark vmware_nsx-t_sdn_controller_stig, added version v1r1
Scraper: Added benchmark vmw_nsx-t_t1_gateway_rtr_stig, added version v1r1
Scraper: Added benchmark vmw_nsx-t_t-0_rtr_stig, added version v1r1
Scraper: Added benchmark vmw_nsx-t_t-0_gateway_fw_stig, added version v1r1
Scraper: Updated benchmark splunk_enterprise_8-x_for_linux_stig, added version v1r2
Scraper: Updated benchmark sles_15_stig, added version v1r6
Scraper: Updated benchmark rhel_8_stig, added version v1r6
Scraper: Updated benchmark rhel_7_stig, added version v3r7
Scraper: Added benchmark rancher_mcm_stig, added version v1r1
Scraper: Updated benchmark palo_alto_networks_ndm_stig, added version v2r1
Scraper: Updated benchmark oracle_linux_8_stig, added version v1r2
Scraper: Updated benchmark oracle_linux_7_stig, added version v2r7
Scraper: Updated benchmark oracle_database_12c_stig, added version v2r4
Scraper: Updated benchmark network_wlan_ap-ig_platform_stig, added version v7r2
Scraper: Updated benchmark network_wlan_ap-nipr_platform_stig, added version v7r2
Scraper: Updated benchmark network_wlan_controller_platform_stig, added version v7r2
Scraper: Updated benchmark network_infrastructure_policy_stig, added version v10r2
Scraper: Updated benchmark ms_sql_server_2016_instance_stig, added version v2r7
Scraper: Updated benchmark ms_sql_server_2016_database_stig, added version v2r4
Scraper: Updated benchmark microsoft_sharepoint_server_2013, added version v2r3
Scraper: Updated benchmark microsoft_outlook_2016, added version v2r3
Scraper: Updated benchmark ms_office_365_proplus_stig, added version v2r5
Scraper: Updated benchmark moz_firefox_stig, added version v6r2
Scraper: Added benchmark mot_solutions_android_11_cobo_stig, added version v1r1
Scraper: Added benchmark mongodb_enterprise_advanced_4-x_stig, added version v1r1
Scraper: Updated benchmark mongodb_3-x_stig, added version v2r1
Scraper: Updated benchmark kubernetes_stig, added version v1r5
Scraper: Updated benchmark juniper_router_rtr_stig, added version v2r3
Scraper: Updated benchmark juniper_router_ndm_stig, added version v2r1
Scraper: Updated benchmark ibm_zos_tss_stig, added version v8r6
Scraper: Updated benchmark ibm_zos_racf_stig, added version v8r7
Scraper: Updated benchmark ibm_zos_acf2_stig, added version v8r6
Scraper: Added benchmark ibm_aspera_platform_4-2_stig, added version v1r1
Scraper: Updated benchmark ibm_aix_7-x_stig, added version v2r5
Scraper: Added benchmark hpe_nimble_storage_array_stig, added version v1r1
Scraper: Updated benchmark general_purpose_operating_system, added version v2r3
Scraper: Updated benchmark google_chrome_current_windows, added version v2r6
Scraper: Updated benchmark firewall_srg, added version v2r2
Scraper: Updated benchmark enclave_-_zone_d, added version v1r6
Scraper: Updated benchmark enclave_-_zone_b, added version v1r6
Scraper: Updated benchmark enclave_-_zone_a, added version v1r6
Scraper: Updated benchmark enclave_-_zone_c, added version v1r6
Scraper: Updated benchmark cisco_ise_ndm_stig, added version v1r3
Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, added version v2r4
Scraper: Updated benchmark cisco_asa_fw_stig, added version v1r2
Scraper: Updated benchmark canonical_ubuntu_20-04_lts_stig, added version v1r4
Scraper: Updated benchmark u_can_ubuntu_18-04_stig, added version v2r7
Scraper: Updated benchmark apple_os_x_10-15_stig, added version v1r8
Scraper: Updated benchmark apple_os_x_10-14_stig, added version v2r6
Scraper: Updated benchmark apple_os_x_10-13_stig, added version v2r5
Scraper: Updated benchmark apple_macos_12_stig, added version v1r2
Scraper: Updated benchmark apple_macos_11_stig, added version v1r6

v2022.04.3 (2022-04-21)

Major Features

The new sorting and filtering from the CCI and Control raters is now also applied to the RTM, Technical and POA&M tools

Features

When importing data that requires a pre-selected client, the error message should be more intuitive.
HW Spreadsheet now includes compliance scores in last two columns
Updated file import to handle new STIG Viewer .ckl files

Fixes

Automatic Analysis updates:
- Maintenance process now ensures AA database remains valid and removes duplicate entries if they exist
- Copying AA values from one family to another no longer gives an error
- AA creation has an explicit lock around it, rather than relying on only having a single process registered for handling AA
DB maintenance process cleans unused checks from the DB and ensures all referenced checks have a valid benchmark version associated with them. This should have minimal user impact.
Corrected some CKL export issues
Hitting arrows keys correctly navigates between checks in benchmark view
Postprocessing button in analysis view now keeps filters
Prev/next buttons on analysis page retain filter criteria
Allow old scan data to load if no recommendation status was set in additional_output

Benchmark Changes

The internal NetworkParse library will better handle Cisco configuration files with ‘unusual’ indentation by somewhat understanding what commands are permitted to have children. If you encounter changes to your processing because of these changes, let us know!
Marked RHEL 8 v1r5 as customer ready
Added PP to Cisco IOS-XE Switch RTR v2r1.
Added PP to Cisco IOS-XE Router RTR v2r3
Added PP to Cisco IOS Switch RTR v2r1
Updated PP on Cisco IOS Router RTR and NX-OS Switch RTR based on testing
Minor correction to PP on single Cisco IOS Router RTR check

v2022.04.2 (2022-04-05)

Fixes

Imported files correctly show redirection/view link
PP no longer errors out
Fixed view changes in analysis erasing search filter

v2022.04.1 (2022-04-05)

Emergency release to fix an issue preventing automatic analysis from running.

Fixes

No longer fully family ID from the wrong location during AA
AA moved to a single new table with integrated command values and a update date
Task sidebar monitor has an icon for when tasks have an action needed
Archives with benchmarks with no versions (uncommon) can still be successfully imported

v2022.03.1 (2022-03-28)

Major Features

Automatic analysis has seen a number of major updates.
- There are now three AA pools: machine, family, and “universal”. Previously only family and universal existed. This change allows machine-specific selections to stay consistent across AA runs.
- Updated Data Analysis documentation with more details about how AA works internally, with a full example across multiple machines. (https://xylok.notion.site/Data-Analysis-168a4af4d49e4c8db16086762837df28)
- During AA for a single scan, you can now select which AA pools to use. See updated documentation for more details about how AA works.
- Allow AA items to represent all possible finding statuses. Previously they would only save Compliant, Noncompliant, and N/A. As a consequence, when you unmark an item we no longer re-mark that item the next time AA is run.
- Breaking Change: The majority of AA data should carry forward with no changes. However, AA entries were post-processing recommendations were overriden will not carry forward.
- Universal AA pool can now be exported by logged-in users from the User Menu. Individual benchmark AA pools are no longer exportable via the benchmark page.
- When exporting a client with scan data, AA data for all client machines, families, and the universal pool will be exported.
- If you need to drop AA data for a machine because items were incorrectly marked, you can now delete a machine’s data pool from the Machine Details’ Options dropdown.
- Family data can be deleted in the same way, from the corresponding Family Details page.

Features

CCI rater modal always shows link to ‘all items’ and all related items view shows everything, regardless of status
The scan item list (when you first go to analyze a scan) has a new search! This is an early version of the search–some improvements in this and similar search dialogs will appear in the next release. We’ll add more detailed documentation when that release gets pushed, but for now: pressing / will open and focus the search, Enter to apply, Escape to close.

Fixes

Empty and commands with no OSes are now fatal errors in our tooling, so users should never see a check with a command that mysteriously doesn’t run.
CCI rater modal was showing the finding count as N/As. Now it shows the actual N/A count, like you’d expect.
Diff with previous check data has colors correctly set
Prevent wrapping of CCI numbers in control rater and benchmark IDs in benchmark browser
Client export when families exist works, closes #285
AA data with an inconclusive status will be migrated to not a finding (this was causing AA issues for some users)
More reliably force the settings page on the raters if not configured
Enabled proxy keepalives per Nginx recommendations
ADFS login redirect should work again
Scan comparison no longer throws an exception

Benchmark Changes

We no longer print the PP recommendations at the end of the output. This is a breaking change that will reset AA for items where PP recommendations were overridden. Because other AA changes are being implemented in this release, this should consolidate any additional workload to a single cycle.
Updated MS Office 365 to v2r4.
Populated commands for latest Cisco IOS, IOS XE and IOS XR Router RTR STIGs.
Added commands for latest Cisco NX-OS Switch RTR, NDM, and L2S.
Populated Cisco NX-OS Switch NDM v2r3 commands.
Added PP to Cisco NX-OS Switch NDM v2r3.
Added PP to Cisco NX-OS Switch NDM v2r3.
Added PP to Cisco NX-OS Switch RTR v2r1.
Added PP to Cisco IOS Switch NDM v2r3.
Added PP to Cisco IOS Router NDM v2r3.
Added PP to Cisco IOS XE Router NDM v2r3.
Added PP to Cisco IOS XE Switch L2S v2r2.
Added PP to Cisco IOS XE Switch NDM v2r2.
Added PP to Cisco IOS XR Router NDM v2r2.
RHEL 7 - Fixed broken post-processing on RHEL-07-010340
RHEL 8 - Command and Post Processing updates
SUSE 15 - PP and test cases
Updated VMWare VSphere 6.7 ESXi, vCenter, Virtual Machine STIGs, all v1r2.
Missing OSes fixed for RHEL 5, MacOS 11, SuSe zlinux, SLES 15, web policy, Ubuntu 20.04, and Windows 2008 r2 DC
Updated Windows 10 BitLocker Network Unlock configuration (WN10-00-000031) to be manual review.

v2022.02.2 (2022-02-17)

Major Features

SCAP scans can now be uploaded from Xylok’s GUI. Process is the same as CKLs–see “Uploading to Xylok” documentation page for more details.

Features

Django form errors have styling added
Login virtually always takes you back to your original page now

Fixes

Individual findings spreadsheet can be produced again
Creating users via the admin interface no longer complains about a missing password
Worked around a regression in Podman 3.4
Client dashboard redirect has correct URL to cci rater
CKL exports with idential STIG IDs in a single CKL correctly match finding detail data to the check (before the same data would be replicated across matching STIG IDs)

Benchmark Changes

Another fix to rule IDs. Should help with the reliability of CKL’s interoperability.
Marked Splunk 8.x v1r1 ready.
More tests and PP updates on Splunk 8.x.
Minor update on Splunk 7.x PP.
Old Windows Firewall removed
Cleaned up Network-Perimeter Layer 3 Switch v8r32.
Cleaned up Network-Firewall v8r25.
Updated Windows 10, WN10-SO-000280 to account for 24 hour times.
Updated IIS 10.0 Site v2r5.
Updated IIS 10.0 Server v2r5.
Updated IIS 8.5 Site v2r6.
Updated McAfee ENS 10.x v2r6.
Updated MS SQL Server 2014 Instance v2r2.
Updated MS SQL Server 2016 Database v2r3 & Instance v2r6.
Updated HBSS ePO 5.x v2r6.
Updated HBSS McAfee Agent v5r5
Updated MS Office System 2016 v2r2.
Updated McAfee VirusScan 8.8 Managed Client v6r1.
Updated McAfee VirusScan 8.8 Local Client v6r1.
Scraper: Updated benchmark vmw_vsphere_6-7_postgresql_stig, updated version v1r1
Scraper: Updated benchmark vmw_vsphere_6-7_esxi_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_eam_tomcat_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_perfcharts_tomcat_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_ui_tomcat_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_sts_tomcat_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_rhttpproxy_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_vcenter_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_photon_os_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_virtual_machine_stig, added version v1r2
Scraper: Updated benchmark vmw_vsphere_6-7_vami-lighttpd_stig, added version v1r2
Scraper: Updated benchmark cisco_ios-xe_router_rtr_stig, updated version v2r3
Scraper: Updated benchmark cisco_ios-xe_router_ndm_stig, updated version v2r3
Scraper: Updated benchmark windows_10_stig, updated version v2r3
Scraper: Updated benchmark microsoft_windows_2012_server_domain_name_system_stig, updated version v2r4
Scraper: Updated benchmark windows_firewall_with_advanced_security, updated version v2r1
Scraper: Updated benchmark general_purpose_operating_system, updated version v2r2
Scraper: Updated benchmark windows_2012_ms_stig, updated version v3r3
Scraper: Updated benchmark apache_server_2-4_unix_server_stig, updated version v2r3
Scraper: Updated benchmark windows_server_2019_stig, updated version v2r3
Scraper: Updated benchmark windows_2012_dc_stig, updated version v3r3
Scraper: Updated benchmark windows_firewall, updated version v1r7
Scraper: Updated benchmark windows_server_2016_stig, updated version v2r3
Scraper: Updated benchmark fs_nac_stig, updated version v1r3
Scraper: Updated benchmark u_can_ubuntu_18-04_stig, updated version v2r6
Scraper: Updated benchmark windows_paw_stig, updated version v2r1
Scraper: Updated benchmark active_directory_domain, updated version v3r1
Scraper: Added benchmark apple_macos_12_stig, added version v1r1

v2022.02.1 (2022-02-01)

Fixes

Importing Xylok archives correctly pins benchmark versions. This was preventing importing Xylok archives from actually importing assigned machine benchmarks.

v2022.01.2 (2022-01-31)

Major Features

CKL import has been improved and moved to the web interface, see updated docs under “Upload to Xylok” for more information.
- CKL import now ties data to CCI’s if possible and will create commands on the fly as needed
- CKL import wizard allows client selection as well
- These improvements allow more flexibility in the benchmarks being imported. As long as the CKL matches an existing benchmark, even if Xylok does not have commands in place for it or it’s not under your license, you can import CKL data and have it tie the the CCI rater and other reports.
POA&M header can be controled via new POA&M settings, allowing the system name and other specific details to be filled in during generation

Features

More improvements to the ACAS importing wizard
Cleaned up task monitor page, much clearer when jobs are in different states
Added backup-cleanup.sh script and supporting docs
Better detection for when raters need to be rebuilt, mitigating a common 500 error when clicking a rater row that has not been built yet. This does not eliminate the need to rebuild manually at this point–not all “rebuild-required” cases are detecteed.

Fixes

Check Rule IDs are correctly applied again–they had accidentally been located in the expert comments. The most significant issue with this was CKL exports, which would have invalid IDs.
Mobile menu fully working again
Handle ‘choice’ type questions the same as ‘choices’
Try to be even more robust in our python search. Might still allow the Xylok manager to work even if Python is not in the PATH.
During benchmark imports, don’t try to correct RTM settings which don’t exist
Django messages are now correctly displayed on all pages
User email password reset flow working
Upload API via token is working again
User password changes no longer kick to the Django admin style view
No longer display password reset link when email isn’t configured.
User’s passwords can be directly fixed in the user admin page
Task monitor always switches priority to newest created window, making it more likely it initiates downloads in the user’s active window
No longer show rebuild jobs in the task monitor, led to confusing double entries when importing scans and the scan comparison job also appeared
Fixed a bug which would prevent POA&M from being built when underlying benchmark data was tombstoned

Benchmark Changes

Updated MS Edge PP
Updated MS Edge benchmark question
Updates to MS Edge STIG v1r4.
Update and marked Google Chrome v2r5 ready.
RHEL 8 PP syntax errors fixed in RHEL-08-010050 and RHEL-08-010070
Fixed RHEL-06-000315, now displays raw output
Cisco Firewall fix for NET0820
Updated MS Outlook 2016 v2r2, and removed duplicative try/excepts.
Added additional examples for Cisco IOS Switch L2S tests
Updated more Cisco IOS Switch L2S PP
Updated Cisco IOS Switch L2S PP
RHEL 7 RHEL-07-021350 - Changed Post Processing to check for a str value of 1 instead of int value
Post Processing Updates: SLES-15-010030 SLES-15-010180 SLES-15-010430
Commands populated for Cisco IOS Switch RTR STIG v2r1.

v2022.01.1 (2022-01-13)

Major Features

Nessus result importing is now supported, see “Uploading to Xylok” in the updated documentation. Please report any issues you find to support@xylok.io!

Features

PP processor now makes an internal note when an exception is caught–the goal is to make this a searchable attribute during analysis.
When loading the installation license, add benchmarks which have changed IDs to the license as well.
When benchmarks are merged, we now migrate existing assignments of the old benchmark to the new ID. Between this and the previous change, customers with the “old” ID on their license don’t need to take any action to jump to the updated benchmark from DISA.

Fixes

Small fix to PSQL runner to prevent errors outputting the command in the result file. Should have no notable affect on results
Reduce error messages in logs when MX process isn’t able to clean a directory. No notable impact on operation
Newly created clients are now automatically selected as the current client, closes #263
Use shell entrypoint for health check to ensure environment is configured correctly, closes #264
Increase healthcheck time to allow full ready check to work more reliably
When building releases, we always use the same-tagged version of the benchmark repo for a more reproducible build.
Database restore script works again
Navigating between scan items from analysis page now saves changes correctly
Fixed hotkeys and character escaping in analysis view
Prevent systemctl status from hanging at the end of the installer if the window is small
Removed “inconclusive” status from findings/compliance choices. Migrated any “inconclusive” status in DB to “compliant”

Benchmark Changes

First pass commands done CISCO IOS XE r3 NDM
Merged 3 MS SQL Server 2012 Instance STIGs into ms_sql_server_2012_stig.
Merged and Updated Mozilla Firefox v6r1.
Marked MS OneDrive v2r2 ready.
Merged Microsoft OneDrive for Business 2016 to Microsoft OneDrive v2r2.
SLES 15 first pass commands in place
Merge Windows Firewall benchmark to v2r1 (No changes in actual benchmark)
HBSS ePO 5.x v2r5
McAfee ENS 10.x v2r5
Windows 2012 Server DNS v2r4
HBSS McAfee Agent v5r4
HBSS Agent Handler v2r2
HBSS Remote Console v5r1
HBSS Rogue Sensor v5r1
Windows PAW v2r1
Active Directory Domain v3r1
Windows Server 2012 DC v3r3
Windows Server 2012 MS v3r3.
Windows Server 2016 v2r3
Windows Server 2019 v2r3
Fixed conflicting Win Defender command ID
Microsoft Windows Defender Antivirus STIG v2r3.
Windows 10 STIG v2r3.
Tweaked MS Dot Net Framework question collection for cmd.
Microsoft Windows 2008 Server Domain Name System STIG v1r8.
RHEL 8 Commands Complete
PostgreSQL 9 fixes
Apache 2.4 UNIX site/server commands

v2021.12.2 (2021-12-10)

Features

Added SUSE 15 to OS list
Added “View Admin Page” option on scans, machines, locations, and clients for staff users
Selected client is no longer tracked in the database. This allows you to use different browsers or incognito mode to work with multiple clients at the same time
Scan comparison now works across clients. Fixed bugs when working with multiple clients at the same time

Fixes

Work more reliably when multiple windows are open and the user attempts to select different clients. Previously we relied on the selected client when editing families, machines, and locations, which led to bugs when editing items not in the currently selected client.
Fixed database admin page selects
Removed editing previous scan from admin (with many scans, that field has the potential to prevent the page from loading)
Prevent code with breakpoints from deploying
Slightly better recovery when parsing an exception from a background job fails
Handle the menu correctly when the user is logged in but does not have a client selected

Benchmark Changes

RHEL 8 Commands Complete

v2021.12.1 (2021-12-07)

Major Features

The Xylok API is now officially supported. Detailed documentation is available under the user menu->API Documentation and high-level docs and use cases can be found under the Automation header of the Xylok docs. The initial use case of this automating scaning and analyzing a machine. Supported API endpoints include:
- Searching for a machine
- Fetching machine script
- Uploading results
- Copying interview answers
- Running Automatic Analysis
- Monitoring the status of background tasks
You can now drop files on the sidebar, making uploading results easy no matter where you are in Xylok. Multiple files can be uploaded at a time and you will be blocked from navigating away while the uploads are in progress.
Sidebar now holds a small task monitor, allowing it to track background tasks and download generated files without having to stay on a specific page.

Features

Single scans can now be exported as CKLs
When benchmarks are removed from machines/locations, the client will have the pinned benchmarks removed
Machine list is now sortable
Hitting ‘/’ (slash) to select search box now works on benchmark, machine, and scan lists
We now display the benchmark ID as a column in the backmark listing (rather than the short title) and provide an easy copy button
Navigation now correctly resets to a valid state if the open menu is no longer valid (ie, when you log out)
Single-task monitor page nicely shows stracktrace, better parsing of exceptions
Re-worked single task monitor page to use task monitoring API
Virtually all jobs receive a description when starting now, plus all jobs have a reasonable timeout now
Navigation menu now allows navigating between section menus without page reloading
Task displays are now limited to the initiating user
Include container memory infomration in container log output
Include container processes in container log output
Include mx process logs in logs command

Fixes

Correctly hide FOUO STIGs from unauthenticated users (thanks to the user who caught that!)
Don’t error out when serializing job with no result
Moved to using Alpine to handle row clicks in benchmark browser, preventing history weirdness with HTMX
Complete export includes ratings. Because ratings depend on scans, the option to download them separately has been removed for now–if you need this feature, contact support
Allow for nulls in RTM verification dates in export
If XYLOK_DATA setting has a ~ in it, don’t accidentally create a ~ directory (expand it correctly to the user’s home)
RTM validation date is now the date of the last rebuild. RTM verification date is the date of the last physical ‘reviewed’ click on the control or the last scan data for technical data
Removed redundant reports from reports menu found in respective raters
RTM includes checks from benchmarks assigned to machines, even if there are no scans
Fixed deprecation warning from my_init
Modified UI elements, fixed comment box typing/saving
Removed deprecation warning about ‘GROUP_CLAIM’ when using ADFS authentication
Correctly return default value when getting archive settings that don’t exist
RTM now works when there are no scans in client

Benchmark Changes

Updated McAfee Application Control 7.x STIG v1r6.
Updated Splunk Enterprise 7.x for Windows STIG v2r3 and marked ready.
Added PP for Splunk Enterprise 7 STIG v2r3.

v2021.11.2 (2021-11-23)

Features

There is a new import/export format for Xylok. The new SQLite-based format demands less memory and will work on a wider range of systems. There’s also more room for optimization, potentially allowing for quick importing/exporting in the future. Features of the new format include:
- Scans, client data, and CCI/Control/Tech/POAM/RTM ratings
- Dependent benchmarks for scans–now an export from one system includes everything needed to work on a different system, even potentially outdated/removed commands
- SQLite3-based, which allows for easier searching and manipulation than the previous format. If needed, the sqlite3 CLI client is included in the Xylok container image.
- Greatly reduced memory usage
- In the future, we plan to include AA data and allow for selective importing of parts of the archive.
Spreadsheet versions of the various raters (CCI, control, tech) area all exportable directly from the rater page, reducing navigation
Uploads and downloads now persist to temporary storage on-disk, rather than being retained fully in memory. This should reduce issues on lower-memory systems where imports could not be completed because of out-of-memory process termination. A maintenance process has been added to help clean temporary files over time.
A new task-montioring page has been created, allowing you to view all background processes in the same location.
Multiple files can now be selected during upload

Fixes

Allow boolean questions to work
Fixed documentation on importing SCAP/CKL results.

Benchmark Changes

Started Splunk Enterprise for Windows v2r3.
Updated Windows Server 2008 MS STIG v6r46.
RHEL 6 - Additional commands and corrected Post Processing errors
Finalized IE9 STIG v1r15.
Finalized IE8 STIG v1r20.
Finalized IE 7 STIG v4r20.
Finalized IE 6 STIG v4r11.
Added remaining RHEL 8 Checks missing commands
RHEL 8 - Adding missing commands
Added PP to some Cisco ASA Firewall STIG v1r1 checks.
Updated Windows 7 - WINUR-000032 to allow for capitalization variations of the ‘Auditors’ group.
Updated VMWare vSphere 6.5 ESXi STIG v2r3.

v2021.11.1 (2021-11-07)

Major Changes

This release comes with a major rewrite of the Xylok user interface. Please give us feedback at support@xylok.io if you run into any issues or have requests! The documentation has been updated to reflect the new look. Other than looking completely different, some notable features of the new UI include:
- The UI menu has been broken down into “sections,” reflecting the actions you’re most likely to be working on at a given time. I.E., when doing assessments the scan list, raters, and importing are all easily accessible.
- Keyboard-driven workflow for scan analysis. Hover over the “?” at the top of the analysis display to see a list of the keyboard shortcuts.
- The output display for the analysis page can now expand to full screen, for those especially big outputs.
- Far more items have smooth searching now, with results appearing as you type
Documentation now has a section on the workflow for the Assessment Rater displays, covering the CCI Rater, Control Rater, Technical Rater, and POA&M Manager. As we encourage more organizations to use these integrated tools, we’re hoping to build out even more reporting around them. If you have requests or ideas, let us know.
The Raters now generally have a “Reviewed” date, allowing them to be more easily updated over time. No changes since the last time you looked at a CCI? Just mark it “reviewed” so you know it’s still accurate!
Breaking: The run subcommand from the xylok manager, because it caused permissions issues. To compenstate, we now create a new /_passthrough mount for Xylok, intended for transfering files in and out of the container. The host location of this mount can be found by running ./xylok pt ext. The Command Line Utilties->Working with Containers sections of the documentation has more details on this.

Features

Added a search to copy answers page, added a link to view all related items from CCI Modal
We’ve re-introduced the Technical Rater, formerly called the “FARR”. This is intended to provide an interface for rating items on a strictly technical level, outside the CCI Rater. May help with prioritization of fixes.
Clicking the command link when analyzing opens the command in a new tab with a nice plain-text view
Added CLI tool to merge two CCI rating sets
Display background request errors consistently, letting the user know when an error occured.
Search builder in raters now include filtering for reviewed/updated date range and clear form button
We now have automated testing around both clean and upgrade installs on every release for on Ubuntu 21.04, CentOS 7 using Docker 1, CentOS 7 using modern Docker, and CentOS 8 using Podman.
Container health checks also confirm the background workers are responding.
Most of the system configuration checking has been moved to xylok-manager, allowing it to be re-run on the host as needed (rather than requiring the installer)
Greatly reduced installer size
Numerous library upgrades, including Python 3.9 and Django 3.2.
Added the ability to see recent server logs from the web by going to the user menu->Server Logs. User must be marked as “staff” in the Django database admin.

Fixes

No longer error out when importing a ZIP file
Benchmark details check table now sorts by stig id by default
Properly run backup of database during install
Scan comparison family was using name instead of pk, causing it to not load the correct scans when clicking in from an external link.
Correctly update pagination when searching in raters
Added back in bulk delete scan warning page
The ‘unmarked’ filter should now show ’needs human review’ items
Added support for detecting prompt for HP devices (surroundeded by [])
Scan comparison URL includes client information, allowing it to work even if a different client was selected by user
Correctly apply PP when multiple items recommend the same thing
Don’t accidentally create ‘~’ folders in Xylok Manager
Nulls are now stripped from PP output, preventing broken PP scripts from causing issues in processing other checks.

Benchmark Changes

RHEL 6 STIG Added missing commands for v2r2. PP fixes on several checks.
RHEL 8 STIG Adding missing commands to checks in v1r4
RHEL 7 - Updated for new release v3r5 - Fixes for commands and post processing
RHEL 7:
- RHEL-07-021340 - Added Post Processing
- RHEL-07-040180 - Changed command and added Post Processing
- RHEL-07-040190 - Changed command and added Post Processing
- RHEL-07-040200 - Changed command and added Post Processing
- RHEL-07-040520 - Added Post Processing
- RHEL-07-010270 - Changed command and fixed Post Processing
- RHEL-07-010480 - Modified Post Processing to handle RHEL versions better
- RHEL-07-010482 - Added Post Processing with recommendation
- RHEL-07-010483 - Added Post Processing with recommendation
- RHEL-07-910055 - Changed command and added Post Processing
- RHEL-07-020210 - Added Post Processing with recommendation
- RHEL-07-010119 - Removed hard coded 5 for retry in Post Processing
- RHEL-07-021031 - Changed the ’ls’ command to a ‘stat’ command and it no longer returns a line if no results are found
- RHEL-07-010310 - Corrected the recommendation to compliant when the correct value of ‘0’ exists in Post Processing
- RHEL-07-040170 - Modified command and Post Processing
- RHEL-07-040710 - Changed the compliant value to ’no’ in Post Processing
- Marked RHEL 7 v3r4 ready, added remaining command
Updated MS SQL Server 2016 Database STIG v2r2 and MS SQL Server 2016 Instance STIG v2r5.
Updated IIS 10 Server STIG v2r4 and IIS 10 Site STIG v2r4.
Updated IIS 8.5 Server STIG v2r3 and IIS 8.5 Site STIG v2r4.
Updated VMware vSphere 6.5 Virtual Machine STIG v2r1.
Updated IE 11 STIG v2r1.
Updated Microsoft Edge STIG v1r3.
Populated Microsoft Office 365 ProPlus STIG v2r3 with commands and postprocessing, and expert comments for DISA mistakes.
More minor updates to Windows 10, Windows Server 2016 and 2019 STIGs.
Updated firewall rule checks in Microsoft Windows 2012 Server DNS STIG.
Updated Windows Server 2016/2019 check for ‘create symbolic links’ regarding Hyper-V role.
Minor updates to Windows 10, Server 2016, Server 2019 STIGs (v2r2).
Updated Windows Server 2019 STIG v2r2 and Windows Server 2016 STIG v2r2.
Added ’looking for’ statements for all the basic Cisco L2S PP
Corrected runner for ASA commands
Added basic PP (no recommendations) to more of the Cisco IOS l2s STIG
Added Cisco ASA commands to ASA FW STIG
Added HP Comm commands to Layer 2 Switch SRG
Updated Windows Server 2016 STIG v2r2.
Updated Windows 10 STIG v2r2, including user-identified issues (Thanks!).
Updated Internet Explorer 11 STIG v1r19, including user-identified issues (Thanks!).

v2021.09.2 (2021-09-16)

Features

Installer should be more robust now, handling various edge cases more appropriately and be more adept at recovering from failed partial installs. In addition, there are some settings it will now check during installation and warn the user to correct.
File imports are sorted, making it a bit easier to tell progress
Cancelling following xylok logs no longer throws a keyboard interrupt error.
Podman logic has seen more improvements.
Removed start.sh and stop.sh scripts. With the move to systemd as the control scheme, using the appropriate systemctl start/stop commands is more appropriate.
Better management of benchmarks by allowing verisons and checks to be tombstoned (benchmarks and commands already could be). This helps manage major STIG changes over time and prevents visual build up of old STIG data

Fixes

No longer display tombstoned benchmarks on benchmark listings
Correctly import from deeply-nested directory structures
If a benchmark has no ready versions, during import we now force the latest version to be ready. This avoids weird behavior around brand new benchmarks.
Forced benchmarks to re-import to ensure tombstoning is properly applied
During setup, all xylok manager calls are made using ‘bash’ to avoid noexec issues on tmp partitions
Handle JSON decode errors in the Xylok Manager correctly on Python 2
Create xylok data and logs folders before settings permissions
Benchmark coverage page loads correctly, rather than trying to find a benchmark with the id ‘coverage’

Benchmark Changes

Combined VPN benchmarks
Combined traditional security benchmarks
Combined router SRG benchmarks
Combined IE8 benchmarks
Combined IE9 benchmarks
Combined general purpose OS benchmarks
Combined SQL Server 9 benchmarks
Combined Database Generic SRGs
Combined OSX 10.15 benchmarks
Combined Voice and Video Endpoint SRGs
Combined RHEL 8 STIGs
Updates to Oracle DB 11.2g STIG v2r1.
Marked Oracle DB 11.2g v2r1 as ready for customers
Populated Cisco IOS XE Switch L2S STIG v2r1.
Updated Cisco IOS Switch L2S STIG v2r2.
Oracle Database 11.2g STIGs combined
Updated Windows 10 commands and PP.
Updated Mozilla Firefox STIG v5r2.
Adding Red Hat 8 Commands
Updated MS SQL Server 2014 Instance STIG v2r1.
Updated MS Windows 2012 Server Domain Name System STIG v2r3.
Updated VMWare vSphere 6.5 ESXi STIG v2r2.
Updated VMWare vSphere 6.5 vCenter Server for Windows STIG v2r2.
Updated MS SQL Server 2016 Instance STIG v2r4.
Updated Adobe Acrobat Pro DC Continuous STIG v2r1.
Updated Microsoft IIS 8.5 Site STIG v2r3.
Update Microsoft Office System 2016 STIG v2r1.
Updated Microsoft IIS 10.0 Server STIG v2r3.
Updated Microsoft IIS 10.0 Site STIG v2r3.
Updated Google Chrome STIG v2r4.
Updated MS Edge STIG v1r2.

v2021.09.1 (2021-09-02)

Major Features

Xylok now runs as a non-root user on all installations. To facilitate this, the following things will occur during installation and/or upgrade:
- A xylok user and group will be created on the host if it does not exist. This user will be given a home directory (necessary for execution of the container under Podman), but should be created with a system-level UID.
- Xylok data files (/var/lib/xylok, /var/log/xylok, /opt/xylok) and configuration files (/etc/xylok.conf) will have their owner changed to xylok
- If a non-Xylok user should have access to the Xylok data, they can be added to the xylok group. Most files, except for Postgres database files, allow group access.
- When starting, the Xylok Manager will also work to ensure files are owned by the correct user. If you encounter permissions errors, please contact Xylok support (support@xylok.io).
Xylok now uses systemd to manage on-boot execution for all installations, rather than relying on Docker’s restart=always. The xylok unit will be installed during the upgrade. From then on, the systemd unit xylok can be used for status, starting, and stopping. On Docker systems, there is a dependency on docker starting.

Features

Updated help docs to reflect new security information
Removed Redis AOF log, making startup faster. We don’t need the solid persistent anyway, it’s only for caching and session data.
Logs command supports specifying components, if you only need to tail certain processes. IE, /opt/xylok/xylok logs -f worker

Fixes

Benchmark import correctly removes old version of checks from versions
Rating importing no longer resets update dates, which occasionally led to the wrong data being displayed as ‘current’
Corrected POA&M rebuilding and generation from reports menu
When saving on the various raters, return the correct page of the results still. In addition, don’t give a 404 on an empty page–just return the last page
As a safety measure, during an install individually request each old component shut down
Ensure Postgres always terminates connections, rather than waiting for clients to DC
Correctly update cci compliance status when copying in modal
Resolved a CSRF issue when using non-standard ports for hosting
If there are no permissions to create proxy certs, put in tmp directory
Don’t exit when files are links and/or removed during permissions settings
Set root data/logs directories with correct permissions, in addition to core mount points
Dynamically generate self-signed certificates during boot. This fixes and issue when using non-root UID/GIDs for Xylok, which led to Nginx not being able to acces the snakeoil certs.

Benchmark Changes

Adding RHEL 8 commands
Numerous benchmarks imported thanks to the quarerly release.
Added 24hr time parsing/examples Win Svr 2019 (Thanks Thomas)
Added 24hr time parsing/examples Win Svr 2016
Fixed issue with WDNS-SC-000010 not showing 2012 command in Windows 2012 DNS STIG v2r2.
Marked indos 2012 DNS v2r2 ready.
Updated SSHD config checks
Initial commit on apple_macos_11_stig

v2021.08.1 (2021-08-08)

Major Features

Nginx (v1.20 currently) has replaced Caddy as the reverse proxy. This has a few benefits:
- Static files (CSS, Javascript) will be served more quickly.
- All content is Gzip, helping any installations with slower networks.
- Fewer compatiblity issues during upgrades, which should help with the previous fixed-SSL certificate reliability issues.
- A more robust Content Server Policy has been put in place, following best practices where possible.
The move to a single container for all Xylok processes made logging more challenging. This has been resolved, with physical logs being generated at /var/log/xylok/ for each internal component.
- The /opt/xylok/xylok logs sub command has been updated to reflect this change. By default, a ZIP file with the last 5000 lines of each log will be generated, plus some settings (passwords/secrets are excluded) and the docker container logs.
- The logs command also has a -f flag, which tails all component logs and allows for nice real-time debugging of any issues.

Features

Container read-only setting can now be set via environment variable.
Include CSP nonce for scripts where possible. CSP nonce values are regenerated on every build.
Development images are now also read-only, hopefully avoiding issues moving to production.
Nginx can now be put into maintenance mode, where no traffic is sent to Xylok.
Xylok Manager settings subcommand now shows default settings. This will allow us to more easily consolidate the documentation for all settings into the Xylok command, rather than just seperate docs.
Removed nodejs from final production image, reducing size slightly.

Fixes

Don’t include a DB version script in utils, just do it directly in setup.sh. Correted DB version retrieval.
If a DB upgrade occurs, don’t fail out when it returns non-0 due to normal warnings.
Strip docker log output to avoid blank lines at end.

Benchmark Changes

Marked Windows 2012 DNS v2r2 ready.
Fixed issue with WDNS-SC-000010 not showing 2012 command in Windows 2012 DNS STIG v2r2.

v2021.07.2 (2021-07-30)

Fixes

Corrected proxy config to work with internal and external certs by splitting configs
Corrected README instructions for creating an fixed certificate

Benchmark Changes

Updated IIS Server 8.5/10 checks IISW-SV-000130/IIST-SV-000130 to limit search to local drives.

v2021.07.1 (2021-07-23)

REMOVED: The FARR has been removed in favor of using the CCI Rater and/or POA&M Rater. If your organization utilitizes the FARR, please contact support@xylok.io.

Features

Re-wrote client control page to be server-side rendered. After initial build, display should be vastly faster
Client control coverage is now computed in the background and cached for 10 minutes
Aadded more robustness to Task Monitor exception parsing
POA&M, CCI, and Control raters are now rendered on the server side. This should greatly increase the loading of certain aspects, like related data.
Small redesign of Client/Location/Machine details pages
All machines list is now searchable by machine name/short name/location/OS/family
Scan list and location scans list are now searchable

Fixes

No longer default Django DEBUG to on
Remove OOB for machine list search (fixes JS console error)
When a client’s controls are not found in cache, still return user to correct page after build
Searching for just a number in the CCI rater now works as you’d expect. IE, just typing “366” correctly returns just CCI-000366.
Corrected how saving history works during a rebuild
Corrected Xylok Manager to work with Python 2 again
Show Benchmark check IDs in benchmark detail print view

Benchmark Changes

Added time limits to PP code
Populated IIS 8.5 Server and Site STIGs v2r2 after constant pressure and bullying from the work list.
Added another SID to Windows User translation PP util.
Added HPCom OS cmds to Infrastructure L3 Switch STIG v8r29.
Updated Cisco IOS Switch L2S STIG v2r1.
Added 4 well known SIDs to Windows User translation PP utility.
Updated APPNET0066 PP of PS command in Dot Net Framework STIG v2r1 to correct bad regex issue.
Updated MS Windows Server 2012 DC/MS STIGs v3r2.
Updated MS Windows Server 2016 v2r2.
Updated Windows 10 STIG v2r2.
Updated Windows Server 2019 STIG v2r2.
Updated Windows Defender AV STIG v2r2.
Added Windows Server 2019 support to OS Baseline
Solaris 11 command updates
Added basic support for Dell switches to Layer 2 Switch SRG
Scraper: Added benchmark zebra_android_10_cobo_stig, added version v1r1
Scraper: Added benchmark zebra_android_10_cope_stig, added version v1r1
Scraper: Added benchmark tm_tippingpoint_ndm_stig, added version v1r1
Scraper: Added benchmark tm_tippingpoint_idps_stig, added version v1r1
Scraper: Updated benchmark samsung_sds_emm_stig, added version v1r2
Scraper: Added benchmark ms_scom_stig, added version v1r1
Scraper: Updated benchmark layer_2_switch_srg, added version v2r1
Scraper: Updated benchmark juniper_router_rtr_stig, updated version v2r2
Scraper: Updated benchmark windows_server_2019_stig, added version v2r2
Scraper: Updated benchmark windows_server_2016_stig, added version v2r2
Scraper: Updated benchmark windows_defender_antivirus, added version v2r2
Scraper: Updated benchmark windows_2012_ms_stig, added version v3r2
Scraper: Updated benchmark windows_2012_dc_stig, added version v3r2
Scraper: Updated benchmark windows_10_stig, added version v2r2

v2021.06.2 (2021-06-16)

Fixes

Only mount /etc/passwd when using Docker and a custom UID/GID, Podman nicely creates the container user for us.
Corrected Xylok Manager to work with Python 2 again

v2021.06.1 (2021-06-15)

Major Features

All Xylok components now run inside a single container. This simplifies supporting both Docker and Podman. In addition, it has allowed for more robust process supversion to be put in place, ensuring failing components restart automatically. The impact on user installations should be minimal. The only caveat to this is the renaming of CPU/memory limit settings. See https://www.notion.so/xylok/Security-91146958a092412696696eee2d665260

Features

Duplicate scan errors are much prettier
Make Posix scripts world-readable at the completion of the script, rather than making requiring the end user to fix it
Error pages are correctly styled and display friendlier error messages. For logged-in users, the stacktrace will be displayed for easier debugging (hidden for anonymous users).
Sidebar now sticks in the same place when scrolling
Default to showing more lines in output during analysis
Commands now have a “Show full command” link at the end of the truncated one of the command is too long to fit on the page. Also has a “collapse command” option once it’s expanded

Fixes

Powershell collection script now shows output location at end of script
Ensure comments and finding details do not contain invalid characters for XML
Downloads on the task page should correctly continue to refresh
Corrected error display for errors with a ‘:’ in them
Downloads which complete before the task monitor page loads should still download properly
Show a nicer download link in case downloads do not start automatically.
Increased ready check retry count to 120
DB and Redis ready now gets checked for all commands–and the DB check works even if the DB isn’t configured yet
Remove old docker-compose files from existing installations
Allow non-root UIDs to work with matplotlib
Remove unneeded Python libs for production installs

Benchmark Changes

Added basic support for Dell switches to Layer 2 Switch SRG

v2021.05.2 (2021-05-20)

Fixes

Fixed Python 2 compatibility during installation and added testing to check against all supported versions of Python

Benchmark Changes

Corrected scraped benchmarks which lacked check contents.

v2021.05.1 (2021-05-17)

Features

Task monitor page has been rewritten to report errors more nicely
Several pages should load more quickly and reliably, with less network traffic (rendering has been moved server side)
Added search and paging to client listing page

Fixes

Small fixes to systemd unit file. There may still be an issue with RHEL 7 and Podman 3.
When booting, Xylok components will attempt to wait for the database and redis to be fully ready
Added redis to DB start script, since both those backend services might be needed independently of the scanner.
Don’t eat user messages on task waiting page
Note that podman 2 mode also covers podman 3
Scan comparison fixed
Corrected issue with check links in analysis items
Cleaned up several unused JS files

Benchmark Changes

All PP now notifies that it completed successfully
Updated PP for RHEL and windows machines to collect data needed for PPSM.
Commands/PP added for VMWare vSphere 6.7 ESXi, Virtual Machine, and vCenter STIGs. All v1r1.
New commands for Solaris 11x86
Updated MS Office System 2013 v2r1.
Updated MS SQL Server 2016 Instance v2r3.
Update MS Windows DNS 2012 v2r2.
Updated Google Chrome v2r3
Updated McAfee VirusScan Enterprise 8.8 Local (v5 r16) and Managed (v5 r21) to combine commands & PP.
Updates for IIS 10 Site & Server STIGs v2r2.
Commands/PP populated for IIS 10 Server & Site STIGs, both v2r1.

v2021.04.1 (2021-04-21)

Major Features

Always add Xylok OS Baseline to scans. This fixes the requirement from the previous update that all users must manually add the OS Baseline to their machines to activate the automatic data import. As a part of this:
- All licenses and installers get xylok_os_baseline bundled in. To see the new benchmark, you may need to update the license in Xylok. If you have any issues, please contact Xylok support.
A PPSM in two formats can be generated using port information gathered by the Xylok OS Baseline. The new report is available under Reports -> Ports, Protocols, and Services Matrix. The data will start being populated the next time a scan is performed. If you need a PPSM in a different format, please contact support@xylok.io
CKL import will now automatically add IP/MAC addresses and host name if they are in the scan.
Users will now be notified if the OS they have entered for their machine does not match the OS found in the baseline scan. (Windows and RHEL only so far)

Fixes

Xylok will now correctly start automatically on system boot.
CKL exports will now more reliably include all available check data. Previously, CKLs might ignore some data if the data was from an older version of a check, but this created issues with transitions between benchmark releases.
Correctly mark no-longer present versions of benchmarks as ’not ready’
Fixed machine info alerting when the new value is empty.

v2021.03.2 (2021-04-01)

Quick-turn release to fix two issues.

Fixes

Cleaned up migration missing warning
Corrected scan multi-item edit and filter

v2021.03.1 (2021-03-26)

Major Features

Added an automated “Machine Benchmark Status Report” under the Reports tab. This will generate a spreadsheet that shows the Stig Viewer score and Xylok score, separated for each benchmark, for every machine under a client.
When importing a scan or running Post Processing, machine info can be automatically updated. If new information conflicts with old information, user can choose which to keep, or to ignore future suggestions. Can also undo ignoring suggestions. More QOL to follow.
- To activate this feature, assign the Xylok OS Baseline to all machines you’d like to track
- Currently, supported OSes include:
  - Windows 7
  - Windows Server 2012
  - Windows 10
  - Windows 8
  - Windows Server 2008
  - Windows Vista
  - Windows XP
  - Windows Server 2016
  - RHEL 5-8
- Let us know if you encounter any issues or have any particular OSes you’d like support added for.
Added package to log all Javascript errors and exceptions to the main logs, allowing for end-to-end debugging if support is needed.
users can now use ./xylok logs to save a report of all the container logs.

Other Features

Left/right buttons will no longer disappear when changing a scan items status
Matplotlib will load quicker
If a user changes a machine’s location, the machine’s scans will relocate to the new location as well
Users will now be notified if a scan’s location does not match the machine’s location from the scan details page.

Fixes

Support Docker 1.26 for healthchecks
Recent location scans were adding duplicate of most recent scan rather than location scans with no machine (as intended).
Location scan list was only displaying most recent scans, causing unexpected results. Location and Scan list now default to show all scans, and can also show most recent if desired.

v2021.02.3 (2021-02-24)

Major Features

Xylok can now be hardened to more accurately match the Docker Enterprise STIG. See the “Security” page of the new version of the manual for more details, but included features include:
- Health checks for all containers (always on)
- Container restart policy (configurable)
- Bind interface (configurable)
- Enabled “no-new-privileges” security option (always on)
- Components can run as non-root users inside containers (must be configured, see security guide)
- Containers run with read-only filesystems (always on)
- CPU and memory limits (configurable)
There is now a “logs” subcommand for xylok-manager.py, which fetches all the container logs with a single command. This should help with debugging issues on customer installs.

Other Features

Log Django requests and exceptions at a more detailed level, which will allow those details to be included in the container logs.
We no longer prompt about upgrading benchmarks. Use the “–no-benchmarks” flag if skipping the upgraded benchmarks is needed.

v2021.02.2 (2021-02-17)

Major Features

Active Directory sign in is available for users who want to log in using Windows Server or Microsoft Azure:
- NOTE: Please reference the updated documentation for details on how to implement this feature for your system.
Scan details page has an option to filter items by “interview”, showing only items that have interview question to answer.
Scan Details page shows a progress bar to show how many items are reminaing for that scan (unreviewed/needs manual review).

Other Features

Users can specify AD_CHECK_CA (True/False) to either bypass the Active Directory certificate check or have Xylok use their certificate file.
Users can login using the form method when AD sign in is enabled.

v2021.02.1 (2021-02-04)

Major Features

Scan analysis pages now hides the less pretty version of the Xylok recommendations and instead have a more obvious way to apply those recommendations.
There’s now options for managing automatic analysis (AA) data, the markings Xylok uses to match up old compliance information with new data when you import scans:
- AA data can now be copied over to a new or existing family
- Users can now use a scan as a ‘baseline’ for AA for a machine family, essentially updating all the AA items to use the findings from that scan
- Admin page now has a filter to show AA items by family, enabling deletion of AA data for families. AA data copy to new family now copies check command sets correctly.
- From admin page, can filter (and therefore delete) AA items by benchmark as well now.

Other Features

STIG titles no longer have to be unique, allowing for easier migration when forced by DISA
Controls page now shows filtering options by control groups in navigation pane. Hovering a control group abbreviation in the sidebar will show the full group name.
Added a navigation pane for more pages.
Benchmark questions can now have more strict structure. Existing answers are unchanged, but this will allow Xylok to enforce better answers going forward.
Allow commands to be ordered within a runner.

Fixes

New users can successfully switch/select clients
POA&M no longer includes N/A rows
SCAP import handles duplicate STIG titles more correctly
If there is no data in the installer, don’t attempt to load it. As a consquence, we can now allow the installer to bail if importing data does fail.
No longer show Matplotlib debugging output

v2021.01.1 (2021-01-04)

Other features

PP recommendation functions can now take both an issue list and a header for that list

Fixes

Clients with fully completed task lists wwill no longer redirect to the login screen.

v2020.12.1 (2020-12-30)

Major Features

Export/import of client control ratings updated to include all date information and POA&M status
Users can now import CKL data into Xylok
A “new client checklist” will now appear when a new client is created. If you’ve used Xylok before, go to the checklist and hit “Mark All Complete.”
Poam rater can now have multiple items edited at a time.
Multiple edit for scan details page, allowing quickly changing status and comment of multiple analysis items.

Other Features

Store alternate benchmark IDs in database, allowing migration over time when DISA changes benchmarks.
Allow commands to be ordered within a runner. From a user’s perspective, this should result in more consistent analysis displays.
Added instructions for gaining privileged access on switches and logging using SSH
New versions of benchmarks no longer default to customer ready. This should allow Xylok to wait to release new versions until commands have been added for new benchmarks.

Fixes

Xylok manager now correctly determines relative path to files, fixing some CLI usage issues.
Interview OS devices (ie, printers) now correctly skip producing an actual script. This mostly caused confusion because printers would have a generated script.
Fixed a bug where NewClientChecklist was initializing incorrectly.
Correct customer databases to merge various duplicate/renamed benchmarks. Notable among these are Firefox and the voice and video services STIGs
Control rater was not allowing controls to become compliant again thanks to old CCI rating data. That’s fixed now, only the most recent CCI ratings will be used
Client Dashboard and New Client checklist no longer return error with no Client or if CCI’s haven’t been built.
CKL import should more reliably find matching benchmarks
Fixed benign error message near end of installer output

v2020.10.1 (2020-10-22)

Major features

Users can now import SCAP results into Xylok
A client’s POA&M can now be managed directly within Xylok, allowing dates and comments to be tracked. Changes are timestampted in the database, laying the groundwork for reviewing changes over time. The generated POA&M Template will integrate any changes made on this POA&M manager.
CCI and Control raters store changes over time, allowing for review of changes over time.
An integrated Client Dashboard is now available under the Clients menu. This dashboard includes configurable graphs to show changes over time.
Benchmark editing is now performed outside the main Xylok Scanner web interface. Benchmarks are tracked in an external repository to allow for more flexibility in tooling and testing. A plan will be developed to transition organizations that currently edit benchmarks internally to the new tools.

Other Features

Added filter for “needs manual review” on the scan details page. Added new icon for “needs manual review”.
Xylok manager will return return code from commands run via exec
Podman 2 rootless mode is now more fully supported.
Old benchmarks can now be more cleanly hidden from view, but still exist for purposes of old scans.
During install, perform cleanup of old Xylok images based on image tag. This removes the need for an all-or-nothing image prune call. As a consequence, upgrades will no longer prompt for confirmation.
Benchmarks are tracked by a Git commit ID, allowing upgrades to complete more quickly if a given benchmark hasn’t been updated.
Moved to HTML based help documentation.
Xylok default users are no longer bundled into installs.
Redis will persist its database across upgrades, allowing users to stay logged in
Ability to enable/disable using ‘unready’ versions of benchmarks. Defaults to disabled.
Added benchmarks and admin user CLI flags to installer
Added support for .tar.gz, .tar.bz2, and .tar.lzma files in import
Simple page to grab authentication token for use with external tools using the Xylok API.

Bug fixes

Detect Podman version 2 correctly
Detect even more odd builds of Docker
Default to debug off for local installs
Importing a client from JSON correctly saves RMF overlays.
POA&M now properly only includes non-compliant rows
Support OSes that ship with a base64 that does not support newline-terminated inputs. (RHEL 5 is notable here).
Bulk processing now links back to machine/location scan list. Select all and select page are now options
Proxy now has access to certificates on host again

v2020.08.2 (2020-08-10)

Small speed improvements in Xylok Manager
Docker 1.13 supported

v2020.08.1 (2020-08-07)

Xylok now supports both Docker and Podman.
- CentOS 8/RHEL 8 support should be much better using in-repo Podman.
- Podman 1 in root mode should work correctly.
- Podman 2 and rootless modes has not been tested as much.
- Systemd is needed to auto-start Xylok on boot. Xylok Manager’s “systemd” subcommand can help manage the service file.
- All Podman installs should be treated as experimental–please contact support if you encounter any issues!
human_id is now accessible to post-processing scripts by using “ctx.human_id”
Post-processing scripts can mark an item as “needs manual review” to make it obvious the data was looked at by the script, but a determination is impossible without more information. Reports treat this status the same as “not reviewed.”
Upgrade Django to 2.2 LTS.
Remote databases are now supported for standalone installations. IE, an AWS RDS Postgres instance could be used.
Better handling of volumes under SELinux (even when using Docker).
Machine scan listing is now correctly paginated.
Self-managed user password changes.

v2020.06.3 (2020-06-30)

User may now set http and https port manually before install using --http(s)-port <port> flag

v2020.06.2 (2020-06-26)

Scan list now has checkboxes to select multiple scans for deletion/auto-analysis/post-processing.
Added ability to specify listening ports via HTTP_PORT and HTTPS_PORT in /etc/xylok.conf. See Manual for more information.
Embeded docker-compose updated to latest version
Some delete form “Cancel” buttons have been fixed.

v2020.06.1 (2020-06-03)

Proxy bind addresses set up to correctly issue certs in all cases
Never require SSL from the Xylok web server, handle only on proxy side

v2020.05.1 (2020-05-21)

Allow importing clients that have old version infomation stored
Install defaults to production mode
Show Caddy environment during boot
Upgraded to release version of Caddy 2

v2020.04.2 (2020-04-22)

Always set PATH for Windows batch scripts (should help systems that have had powershell removed from the path)

v2020.04.1 (2020-04-16)

Now using Caddy as the reverse proxy, unifying all deployment types under the same server.
Proxy now hosts most static files, reducing number of containers in use (and a small reduction in disk usage).
Caddy requires a common name in certificates. If a certificate does not match this requirement, it will be moved in /opt/xylok/certs to allow Caddy to still run using a self-signed certificate.
Additional HTTP security headers enabled for local installs

v2020.03.3 (2020-03-25)

Docker helper scripts have been overhauled, fixing some issues and adding some flexibility. General usage has not changed.
Docker helpers run commands as the current user, avoiding some permissions issues that might arise.
import-data.sh CLI allows automatic analysis to be run immediately, see updated manual.
Updated Xylok manual with instructions for updated import-data.sh
PP moved into core application. Brings a massive speed improvement at the possible cost of stability. Postprocessing speed more than doubled, bulk processing updates are more quickly applied to the database.
As a result, there will no longer be a separate “postprocessor” Docker container. It should be automatically removed during the upgrade.
Added support for additional string outputs from PP. Currently does nothing, but in the future these may be shown as additional columns on spreadsheets or other reports
Build image no longer warns about Docker if it is not in use for that build step
Build licenses, images, and benchmarks as separate parts
Profiling features and support for internal use

v2020.03.2 (2020-03-10)

Frontend correctly responds to requests again

v2020.03.1 (2020-03-10)

CKL production has numerous fixes:
- ‘rule names’. Not all STIGs will work correctly, new data can only be pulled from some STIGs.
- Severity values are correct now, so all Cat I/II/III tabs will populate correctly.
- CKLs are built into a location-based directory structure
Bulk postprocessing of small scans (less than 100 items) will now succeed
Updated benchmarks are pulled in correctly again

v2020.01.3 (2020-01-23)

Fixed technical likelihood not saving on CCI rater
Fixed Traefik 2 not working with HTTPS. This fix includes forcing all clients to redirect to HTTPS–if this causes problems for your organization contact support@xylok.io

v2020.01.2 (2020-01-22)

Fixed technical items not appearing on CCI rater
Moved to Traefik 2 as a proxy for local installations
Added CCIs to several benchmarks that did not have CCIs from DISA or that tied to RMF rev 3, including Cisco Firewall, JRE 7, and some RHEL 6 items.

v2020.01.1 (2020-01-13)

Updated AFSPC A3/6 MAD
Fixed post processing timing out on large scans
Copying question answers when the ‘from’ scan does not contain all the benchmarks of the ’to’ scan now succeeds

v2019.12.1 (2019-12-14)

Bug Fixes

Copying question answers when the ‘from’ scan does not contain all the benchmarks of the ’to’ scan now succeeds
Bulk Postprocessing for large scans will no longer timeout
If a 40X error is encountered by the PP test script, it now shows the response body
Benchmark importer does not die on XSL files
More reliably only stop existing install if the stop script actually exists
Warn when showing raw output on PP tab during analysis
Correctly end Airtable upload loop
Benchmark version comparison no longer duplicates changed/removed entries

Features

Benchmark changes are now pushed to tracker for easier management

Limit benchmark update time to 30 minutes
Make working with empty PP output more consistent

v2019.11.1 (2019-11-13)

NOTE This version will upgrade your system to Postgres 11. A special backup will be created as a part of this process. Please contact Xylok if you encounter any issues.

Bug Fixes

Severity value displays correctly on benchmark listing (internal value was correct)
Question editing corrected
OSes not selected warning fixed for when only tags are in use
Updated all use of version/release numbers to support string versions
Ensure selects with no key or os tag are still correct
Only Xylok production will attempt to send errors to central logging
Runners are loaded correctly for command verification
Note in the check search that regex is supported
Check searches with incomplete regular expressions will now be treated as plain strings
PP error helper grammar fixed
Base64 works on systems that do not support base64 –decode
PP audit helper handled blank case and correctly marks “no rules” case as noncompliant
eMASS TR fixed following other internal changes
Control rater CCI definitions included again
Bug with control rater rebuilder related to assessment number corrected
Risk rating from MAD not being included in CCI dump

Features

Added separate vCenter OS(es) to reduce the confusion around using “ESXi” when collecting data on a vCenter server.
Added versions.sh script to utilities, allowing for easy confirmation of the version numbers of components in Xylok
Xylok web displays long benchmark IDs appropriately
Pointed file importer to new XML processor
CIS and DISA XCCDF imports run through a merge operation into the original JSON in Xylok
CIS and DISA benchmark conversions to JSON fully supported
When Xylok service(s) are not availble, try to die with a nicer message
Interview and user-editable answers are now easily copied from scan to scan
Stacked scan info more closely together to save space
Show scan descriptions on various lists
Scans can now have a description set to help differentiate scans
Control ratings can now be imported and exported independent of the remainder of the client configuration
Windows Server 2012 no longer depends on subinacl and dumpsec
CCI rater rebuild now applies automatically compliant/NAs from MAD
Add audit module to PP docs
PP new check_audit_lines() helper is available
PP audit helper functions added
Seaching and filtering for new columns in CCI rater
CCI rater modal links to CCI page
New-style CCI rating calculator complete
New CCI rater modal layout
Manual has a new section for working with ESXi/vCenter

pgcli multistage build
pgcli moved to Python3
Moved to Taskfile for task management
Less noisy DOCKER_HOST initialization
Always pull base image again
Build custom pgcli image
Build custom version of Redis image
Whitenoise uses Django finders to locate static files
Whitenoise 4.1
Multistage PP image build
Simplified black configuration
Optomized core Docker image for size
Machine and location commands are retrieved via access layer
Clean up unnecessary imports
Sped up most integration tests
Always clear caches on DB initialization
Test for exporting ISO
Tests for client importing and exporting
Fixed STIG XML importing during automatic updates
Customized Postgres 11 image
Migrate raw risk comments to technical comment field

v2019.09.2 (2019-09-10)

Bug Fixes

Handle no scan being supplied to PP processor
Handle blank PP scripts more gracefully

Features

PP tester script can now accept scan and client JSON for more involved scripts
More informative error messages for PP stack traces
PP script errors are reported with line numbers closer to the real location (should only be offset by 1 line)

After finishing disk cleanup, show resulting free space
Use Kaniko to build main builder image

v2019.09.1 (2019-09-06)

Benchmarks

Windows Server 2019 has been updated with commands, please report any issues you encounter!

Bug Fixes

Fixed an issue with context.raw not always returning the correct value
PP with blank raw_output works again
Fixed a speed regression with PP and the new options available to scripts
Pager-based filtering corrected to work with all pages
Sorting on special columns (risk, category, status) works as expected now
Allow 255 characters for benchmark IDs and short titles
Normalize benchmark ID when importing SCAP content
Use the benchmark ID as the short title if the normal title is too long
When clicking copyable text, ensure the scroll position doesn’t change.

Features

Added new SIDs for resolve_sids
Benchmark list included in SAR
Added ability to export the SAR data as a JSON file
Added Lenenshtein Distance algorithm as PP helper
Clients can now be marked as classified (in a future release, this will allow reports to be marked appropriately)
Postprocessing documentation updated with context information
New Context object available for PP to use, which includes smart properties for common PP needs
Hovering over a command in analysis shows the PP script in use (if any)
New context variable to PP scripts carries additional information without adding to the global namespace
PP now has much more data available to it.
Bulk processing of a scan’s PP should be faster in some circumstances.
Results listing shows PP output if available
CCI rater now uses a fancy search box that can take multiple conditions and negations
Allow search entry via query builder OR direct input
Removed old filter headers on CCI rater
Support “has:” queries in fancy search
Increased the size of the CCI rater modal text boxes some

v2019.08.1 (2019-08-06)

Bug Fixes

Preemptive fix to avoid poorly constructed benchmark helpers from breaking building scripts.
Error if no data config is given for a spreadsheet column
Autofit gives a bit more room
HW report widths fixed
eMASS TR formatting fixed to focus on results more
Fixed wrapping on machine report
eMASS TR now has blue “results here” and autofiltering by default. Closes #146 and #145
Conditional formatting location adjusts with additional columns
During base control wrap-up, N/A controls no longer affect the parent control’s status
Newline in checksum file
Build SAR System Control Risk Distibution off full control list including enhancements, not just base
Individual names for checksum files
SAR Baseline Control Review CCI C/NC/NA/etc counts corrected
SAR Base Control Review comments for NAs are more appropriate.
Control rater now prioritizes compliance status by NC > C > NA CCIs. I.E., if there’s a conflict then the highest rating wins.
SAR Base Control Review has spaces added for status now
On SAR CCI&AP tab, statuses now include spaces

Features

Conditional formatting for findings spreadsheet
Colors for SAR ratings
Added conditional formatting for POAM Severity and Residual Risk columns
Impact Description can be included on POA&M (just a blank placeholder)
Added more POA&M options: Rule ID/STIG ID and the ability to include items without an AP
POA&M now has an options page that allows adding blank lines to template. Closes #142
Added a Control Review worksheet to the tab, which covers all controls including enhancements (in contrast to the Base Control sheet)
Added System Control Risk Distribution chart to SAR
Control Rater default comments are now built off NAs and Compliants as well
Allow filtering for NAs on CCI and control rater
If the CCI Benchmark for a CCI is marked as Not Applicable, the associated CCI will also be marked NA regardless of other data.
Include Not Applicables on CCI rater modal items
If a NIST CSF category is an “unknown” risk (probably compliant), call it Compliant on the NIST CSF SAR tab
If a CCI has no mitigations, state that rather than having a blank commet in the default comment

Use fully qualified Docker image tags for installers for increased Podman/Docker interoperability
Removed mypy dependency
Moved all conditional formatting into helper functions
Documented spreadsheet_builder
More consistent internal name for spreadsheet config items
SAR moved to spreadsheet builder
FARR spreadsheet moved to helper
Moved HW report to new spreadsheet helper
Moved Individual Findings Spreadsheet to new builder
POA&M and Scan Comparison moved to new spreadsheet generator helper

v2019.07.2 (2019-07-17)

Features

Show OS on machine page
A default comment can now be built for the control rater. Use control rating default comment in reports if a manual comment is not set
Added implementation guidance from MAD to CCIs. Hot loaded on demand
Better description of Control Rater comment purpose
Show default comment on control rater if there is no other comment
NC3 overlay updated
Control pages show deprecation/withdrawn warnings

Benchmarks

Tomcat benchmark built
SQL Server 2008 R2 working from Server 2008 (Using SQL Server 2012 STIG)

Bug Fixes

Client controls and CCIs are filtered by withdrawn/deprecated status
POA&M now uses Rule ID and skips item without MAD entries by default
“Tranditional” misspelling fixed
POA&M now includes only emass-only columns
Label the FARR Risk as such in the individual findings spreadsheet to avoid confusion
Firefox control overlay formatting
If AA data can’t be imported for any reason, skip it without dying on remaining data
Don’t die if there’s no exception to report in a JSON call
eMASS TR control names have no spaces in them
It is now possible to click the actual overlay row instead of just the links
“Medium” renamed to “Moderate” in all applicable cases
On POAM, all severity/impact strings use spaces instead of underscores
SAR risks/etc have underscores replaced with spaces

Checksum file is more simply named
Corrected hash file format

v2019.06.12 and v2019.07.1 (2019-07-06)

Installer can now be pushed to ShareFile

v2019.06.11 (2019-06-26)

Bug Fixes

Firefox control overlay formatting
If AA data can’t be imported for any reason, skip it without dying on remaining data

v2019.06.10 (2019-06-21)

Bug Fixes

Findings JSON generation no longer complains about UUIDs

v2019.06.9 (2019-06-20)

Features

Added “machines” column to POA&M
Added FQDN to JSON findings

v2019.06.8 (2019-06-19)

Features

Added machine and location ID to finding JSON

v2019.06.7 (2019-06-19)

Bug Fixes

Only benchmarks available in a license are shown in the benchmark list
Cache clear command works
“Eventually” has arrived
Report generation script as JSON

Features

Networkparse 1.6.5
JSON export of individual findings
Individual findings JSON can be built quickly from the command line

v2019.06.4 (2019-06-09)

Bug Fixes

Scale workers correctly again, now that zombie workers are corrected
Keep trying worker names until one works, fixing workers dying early

v2019.06.3 (2019-06-07)

Bug Fixes

Use command -v instead of which in POSIX and CSH environments. Fixes an issue with Solaris 10

v2019.06.1 (2019-06-05)

Bug Fixes

MySQL scripts can be generated

Features

PP scripts run in a function now, allowing them to return early
Updated NetworkParse to 1.6.4

Only run a single worker until name duplication issue can be resolved

v2019.05.9 (2019-05-30)

Bug Fixes

Handle non-UUID case in patching benchmarks

Features

NetworkParse 1.6.1

Removed applications from the DB

v2019.05.8 (2019-05-22)

Bug Fixes

Skip loading benchmarks if they don’t exist in installer
When building installers without a complete installer, don’t die
Handle diffs requests that have JSON files that are not in the DB

Features

Easier method of extracting benchmark changes from last update

Check for new STIGs every hour

v2019.05.7 (2019-05-21)

Bug Fixes

Added FortiOS to application fixture
Only show overlay if dragging files, not text

Features

NetworkParse v1.2.0
Show OSes in command table row
Benchmark metadata is always loaded and placed in store, making page transitions faster

v2019.05.6 (2019-05-16)

Bug Fixes

When the user is not logged in, don’t show file drop indication
Importing clients with incomplete control ratings now works
If rule ID isn’t available, use stig id for checklists
When exporting Checklists, use Rule ID

Features

Added FortiOS (Fortinet networking OS)
Better error handling on uploads
SPA pages now support drag-and-drop file upload of multiple files
Added RSS feed of STIG changes
Allow specifying the starting url for a benchmark scrape
Updated benchmark scraper to use new DISA cyber.mil site
Rule ID now stored in DB and there is a way to import them using DISA XML

On connection/download errors, don’t leave the link as marked

v2019.05.5 (2019-05-13)

Features

Added flag to PP testing script to ignore SSL errors, useful for self-signed certs

v2019.05.4 (2019-05-13)

Updated NetworkParse documenation to the latest version

v2019.05.3 (2019-05-10)

Bug Fixes

Only create pwsh directory if we’re going to actually extract powershell
No longer need to create symlink for powershell, the script itself will create an alias if needed
Supress some PS errors and allow it to work properly on systems with Powershell Core only (pwsh vs powershell)
Less noisy PS extraction
ISOs with multi-extension files work
ESXi from PS now uses correct env
Include updated OS and execution environment info in fixtures
When setting up PowerCLI, use system-specified PathSeparator
Ensure benchmark cache is cleared on imports of JSON

Code Refactoring

ZIP and ISO production use the same method for folder creation

Features

PowerCLI Environment for ESXi
PowerCLI helper in place
Helper assignments can be import/exported
Metadata for benchmarks is easier to read and shows information about runners/oses

v2019.05.2 (2019-05-02)

Bug Fixes

CCI rebuilding will load data correctly at completion
Recommendations and control adds/removes/overlays included in export
Include control number in ratings for client exports

v2019.05.1 (2019-05-02)

Bug Fixes

CCI ratings showing under Control Rater modal
Don’t show pager while loading cci/control ratings
POA&M generation errors
DISA Scrape no longer breaks on XML that is not a benchmark
File importer redirect
CCIs in benchmarks will now import correctly
Client controls load properly
ControlRating migration name issue
No longer include controls in installer
SAR generation with new CCI ratings
Control Rater sort order
Control Rater default sort
Control Rater rebuild button
Control rating page and SAR generation working with new control rating table
Indexed check CCI numbers
When searching for ONLY a control group, don’t search other text
PDB left in test
SE family sorting into the middle of SC
Link back to benchmark from check
Allow changing versions in comparison
Allow access to the homepage when not logged in. Oops.

Code Refactoring

CCIs eradicated from StigCheck
Function documenation
Removed numerous old STIG change components

Features

Use new benchmark diff across the board
Benchmark diff remade as SPA
SPA homepage used for all home-page links
Homepage is now SPA

CCI rater moved to same format as control rater
Controls and CCIs completely removed, migration not applied to remove columns yet
Dependencies upgrades

v2019.04.18 (2019-04-18)

Bug Fixes

Title in benchmarks hides on small screens (short title still visible)
When not authenticated, don’t fail on removing commands from metadata
Dynamically show/hide pager on all pages using it
Check links and JS errors when no benchmarks are visible
Allow anonymous users to get background task information
Benchmark check paging is actually used for table
Benchamrk CCIs listing/editing corrected
Don’t show Extras in control list
Hide withdrawn controls on control list (can still be viewed)
CCI searching
Scroll position between SPA pages should be more natural
Increased number of items on pages
Use RMF JSON rather than DB for client control determination
Cross-domain overlays corrections
Never apply text-based AA to CCI benchmark
Background task errors have red alert again
Background exception error handling
OVAL importing

Code Refactoring

Removed unneeded template files for controls
Additional old control pages removed
Controls no longer have separate group pages
Removed dependence on RMF controls in DB for reporting
Removed dead system import/export code

Features

From SPA pages, directly go to client selector
Use new SPA benchmarks page
CCIs can now be searched by related RMF controls
Load metadata locally to benchmark list, not into Vuex
Benchmark list is now dynamic, although too slow to use
Paging added to benchmark checks
Show benchmark name on check
Overlays now use SPA exclusively
Overlays now have SPA page
When CCIs are loaded, RMF related numbers are normalized
CCIs now have SPA page available
Controls are now handled by SPA
RMF controls are now searchable and paged
JS Control browser built, not yet default option
Sentry is now used for error recording rather than Rollbar
CCI benchmark is now marked NA based on the client control set.
AA data import now available, upload using the normal fields
Automatic analysis data can be export for a benchmark from the same location as normal benchmark exports

Sorting, searching, and paging support all moved to pager mixin
Metadata is produced much more quickly when not in cache
Removed benchmark files to make searching clearer
Removed client.rmf_controls
Removed dependencies on client.rmf_controls
Rollbar removed

v2019.04.1 (2019-04-04)

Bug Fixes

Re-enabled coverage information for controls
Removed duplicate CCI entry for CA-1
Client selected controls working again
Don’t double-request benchmark when benchmark page first loads
PP docs not loading in Python 3.7
More likely to find the “useful” error message in the string exeception info
Better handling of in-progress statuses

Code Refactoring

Removed PP browser, instead we point to generated docs

Features

Control list loading speed improved by nearly 50%
Benchmark loading happens in background
Removed need to rebuild scan and benchmark caches during install
Full traceback available for failed tasks (for logged-in users)

Testing around comparisons put in place
Consolidated async network handling and downloads
Local installs should spawn more workers. Defaults to 4, but can be configured in /etc/xylok.conf
K8s will now run worker correctly
Moved from Celery to Python RQ to support Python 3.7 and allow better task management
Moved entirely to Poetry from Pipenv
Moved to Python 3.7
Removed unused benchmark_api
Numerous changes to control access internally

v2019.02.7 (2019-02-27)

Bug Fixes

Scan comparison should be more reliable
Scan comparison now automatically performs a compare when both selections are locked

v2019.02.6 (2019-02-21)

Features

Include changelog in docs index

Easier method of building release notes

v2019.02.5 (2019-02-21)

Bug Fixes

PathPrefixStrip for docs to allow them to load correctly in standalone installs
Change log section titles for changelog

Specify limit and request for all memory on K8s

v2019.02.4 (2019-02-21)

Installers built in tagged directories now and make installer names more straight forward
No longer deploy on tags, only master

v2019.02.3 (2019-02-21)

Features

Build release notes and automatically push them