Compliance

In my previous post titled Introduction to VMware vRealize Automation SaltStack SecOps, I provided an introduction to VMware Aria Automation SaltStack Automation SecOps, as well as a brief history and overview of the product’s capabilities. In this post, I’ll dive deeper into the product’s compliance management capabilities. Compliance Checks Compliance checks are at the foundation of VMware Aria Automation SaltStack SecOps compliance management. These checks provide the information necessary to identify the purpose of the check, the operating systems it applies to, the rationale for the check, and, more importantly, the state file responsible for implementing/remediating the check.

Recently I began familiarizing myself with VMware vRealize Automation SaltStack Config in my home lab. While I'm still relatively new to the product, I was curious to learn more about the compliance and vulnerability management capabilities provided by the SecOps add-on. In this post, I introduce VMware vRealize Automation SaltStack SecOps and briefly review the various features and functionality provided by the product. In subsequent blog posts, I will give a more in-depth look at vulnerability management and compliance management capabilities.

On April 22, 2022 the Defense Information Systems Agency (DISA) released the third update to the VMware vSphere 6.7 STIG. Version 1, Release 3 contains minor changes to the VMware vSphere 6.7 Photon OS STIG.

While I will admit that I’m a little bit behind on this one, I’ve finally put together my vRealize Operations compliance content for the VMware vSphere 6.7 STIG that was released by DISA earlier this year. The VMware vSphere 6.7 STIG release was quite different from the previous releases and includes 12 separate STIGs. Not only are there compliance checks related to Virtual Machines, ESXi hosts, and the vCenter Server application, there are also STIGs for various services that make up the vCenter Server Appliance (VCSA).

Almost exactly 3 years after vSphere 6.7 was released (April 17, 2018) and approximately 17 months prior to the end of General Support (October 15, 2022), the Defense Information Systems Agency (DISA) made available the first STIGs for VMware vSphere 6.7 on April 22, 2021. The STIGs can be downloaded from the Public DoD Cyber Exchange STIGs Document Library by searching for “VMware vSphere 6.7”. What’s New? Unlike the previous VMware vSphere 6.