Ensure DISA Certificate Compliance using VCM

Today, I show you how you can ensure you comply with DISA mandates to have DoD certificates on each Microsoft Windows machine using VMware vCenter Configuration Manager (VCM), a key component in the VMware vCenter Operations Suite (vC Ops).

For this example, the DISA STIG for Windows 8 / 8.1, Version 1 Release 6, released on 25 Jul 2014, is used.


Below are the DISA requirements for certificates:



  • WN08-PK-000001 – The DoD Root Certificate must be installed into the Trusted Root Store

  • WN08-PK-000002 – The External CA Root Certificate must be installed into the Trusted Root Store

  • WN08-PK-000003 – The DoD Interoperability Root CA 1 to DoD Root CA 2 cross certificate must be installed into the Untrusted Certificates Store

  • WN08-PK-000004 – The US DoD CCEB Interoperability Root CA 1 to DoD Root CA 2 cross-certificate must be installed into the Untrusted Certificates Store


So, basically, these requirements want you to follow the steps below manually on every machine to ensure the entries exist:



  1. Navigate to each machine's Local Computer certificate stores (Certificates MMC snap-in or certlm.msc)

  2. Check that the DISA-specified certificates exist in the right store, matching the thumbprint, Issued To and Issued By values given in the STIG check text
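The same check, scripted for one host. This is an added example, not code from the original post or from VCM: the STIG check text holds the authoritative thumbprints, Issued To and Issued By values, so the `Thumbprint` entries below are placeholders you fill in from that text, and the `Note` column only restates the requirement titles above. `Root` is the Trusted Root Certification Authorities store and `Disallowed` is the store the MMC labels Untrusted Certificates.

```powershell
# Added example (not from the original post): the manual DISA certificate
# check above, scripted for a single Windows host.
# Thumbprints are placeholders (assumption): take the real values from the
# STIG check text for each requirement.

$Requirements = @(
    @{ Id = 'WN08-PK-000001'; Store = 'Root';       Thumbprint = '<thumbprint from STIG>'; Note = 'DoD Root Certificate' }
    @{ Id = 'WN08-PK-000002'; Store = 'Root';       Thumbprint = '<thumbprint from STIG>'; Note = 'External CA Root Certificate' }
    @{ Id = 'WN08-PK-000003'; Store = 'Disallowed'; Thumbprint = '<thumbprint from STIG>'; Note = 'DoD Interoperability Root CA 1 -> DoD Root CA 2 cross-certificate' }
    @{ Id = 'WN08-PK-000004'; Store = 'Disallowed'; Thumbprint = '<thumbprint from STIG>'; Note = 'US DoD CCEB Interoperability Root CA 1 -> DoD Root CA 2 cross-certificate' }
)

function Test-StigCertificate {
    [CmdletBinding()]
    param([Parameter(Mandatory)][hashtable]$Requirement)

    # 'Root' = Trusted Root Certification Authorities,
    # 'Disallowed' = the store the MMC shows as Untrusted Certificates.
    $storePath = "Cert:\LocalMachine\$($Requirement.Store)"

    # STIG text prints thumbprints with spaces; the Cert: provider exposes
    # them as upper-case hex with no separators.
    $wanted = ($Requirement.Thumbprint -replace '\s', '').ToUpperInvariant()

    $cert = Get-ChildItem -Path $storePath |
            Where-Object { $_.Thumbprint -eq $wanted } |
            Select-Object -First 1

    # One row per requirement, carrying the Issued To / Issued By values the
    # manual check asks you to eyeball, plus expiry for good measure.
    [pscustomobject]@{
        Id        = $Requirement.Id
        Store     = $storePath
        Compliant = [bool]$cert
        IssuedTo  = if ($cert) { $cert.Subject }  else { $null }
        IssuedBy  = if ($cert) { $cert.Issuer }   else { $null }
        NotAfter  = if ($cert) { $cert.NotAfter } else { $null }
        Expected  = $Requirement.Note
    }
}

$results = foreach ($req in $Requirements) { Test-StigCertificate -Requirement $req }
$results | Format-Table Id, Compliant, IssuedTo, IssuedBy, NotAfter -AutoSize

# Non-zero exit code when anything is missing, so a scheduler or remote loop
# can flag the host without parsing the table.
if ($results | Where-Object { -not $_.Compliant }) { exit 1 }
```

To run it against a list of hosts from one console, wrap the body in `Invoke-Command -ComputerName` and collect the objects; VCM removes even that step, since it already collects the certificate stores of every managed machine.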


Having to manually check each machine for this can be a nightmare. But wait, here is VCM!


You can navigate to the VCM console and check whether those thumbprints exist, along with the other certificate details:



VCM console certificate views (screenshots) for WN08-PK-000001, WN08-PK-000002, WN08-PK-000003 and WN08-PK-000004



But wait, I promised you no manual intervention, right? Correct, so you can create four compliance rules, one for each certificate requirement, using the UI-based rule creation wizard (a matter of a few clicks):


Here is how the rules show up:



DISA Certificate Requirement Rules



Now, run the compliance rules on your VCM-managed Windows infrastructure and, boom, it shows your compliant and non-compliant machines!



Certificate Check Results



Now, send that report to your infrastructure manager and get the certificates deployed! Isn't that easy?


Keep in mind that VCM manages not only virtual environments, but covers physical ones as well. It is the market leader in Configuration Audit, Change Detection, Patch Management and COMPLIANCE content.


Let me know if you would like to see more such quick peeks and I won't disappoint you!


Come, join the journey to Start Green Stay Green!


Thanks and regards,

Pravin Goyal

RHCE | HP-UX CSA | VCP | MBA | CISSP | GISP | CCSK | CloudU | CompTIA CE | ITIL-F | ITSM-F | CWNA | CWSP | Mobility+






from VMware Blogs http://bit.ly/1uGkbkK