Skip to main content

Search

Welcome to VirtualSME Support

Check security standard (STIG) compliances and required actions

David Edwards-Hall
  • Updated

Menu option: Best Practice > STIG

Select one or more Site IDs, and click Generate STIG Report. A screen similar to the following opens.

VirtualSME STIG.jpeg.png

There are three parts to the STIG Analysis:

STIG Compliance Score - these Widgets give an overview of compliances and non-compliances with security controls, and the severity of the non-compliances.

STIG Requirements - this Table enables you to view the breakdown of the Report results, and gives remedial actions for non-compliances. 
You can also Filter and Export STIG Requirements, extracting records of selected severity, compliance status, and device type.

Device Compliance Search - this features reports on non-compliance issues for specific devices, IP addresses or serial numbers. You can also report on device types.

 

STIG Compliance Score

Information displayed in the Widgets includes:

  • Compliant - the number of security controls that currently comply with STIG.
  • Non-Compliant - the number of security controls that do not currently comply with STIG. You can filter these controls, and obtain details on the actions required in the STIG Requirements section of this Module.
  • Not Checked - number of security controls that could not be checked.
  • Devices Scanned - number of devices scanned.
  • Last Scan - time elapsed since last scan.
  • Controls: Cat I / II / III - a breakdown of the severity of the controls assessed, by compliances and non-compliances.

 

STIG Requirements

Information displayed in the Table includes:

  • STIG ID - the identifier for the security control.
  • Requirement - gives the action that needs to be taken to achieve compliance.
  • Device Type - lists the device type.
  • Severity - can be Cat I  - High, Cat II - Medium, or Cat III - Low.
  • Status - can be Compliant, Non Compliant or Not Checked.
  • Affected Device - Number of affected devices. To view a list of affected devices, scroll across to the Action column, click on the three dots, and select View.
  • Acknowledged - indicates whether the STIG record has been Acknowleged. Defaults to No. To acknowledge, scroll across to the Action column, click on the three dots, and select Acknowledge.
  • Action - click on the eye symbol to view two options. Click on View to view full details for the report item, including a list of affected devices. Or click on Acknowledge to change the Acknowledged column for that record from No to Yes.

 

Filter and Export STIG Requirements

VirtualSME filter STIG.jpeg.png

Use the filter bar to filter on any or all of:

  • STIG ID, rule ID or description - can be a full or partial entry, including keywords.
  • Severities -  Select from the drop-down. Can be Cat I  - High, Cat II - Medium, or Cat III - Low.
  • Statuses - Select from the drop-down. Can be Compliant, Non-compliant, or Not Checked.
  • Device Types - Select from the drop-down.

Click on Export Report to export the displayed information in .csv format.


Device Compliance Search

Use the search box to search for a specific device, IP addresses or or serial number, or alternatively select a device type from the drop-down list. A screen similar to the following opens:

Device compliance.png

This reports lists the device’s non-compliances, suggested remediation, and the non-compliance’s severity.
 

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk