Puppet Security Compliance Management (SCM) 3.5.0 and Puppet Comply 2.25.0 are now available!
#devops#security#compliance
Jason St-Cyr

Jason St-Cyr @jasonstcyr

About: Dad, Writer, DevRel guy at work. Opinions expressed are my own, of course.

Joined:
Jun 20, 2019

Puppet Security Compliance Management (SCM) 3.5.0 and Puppet Comply 2.25.0 are now available!

Publish Date: Jul 14
0 0

What's new?

Flexible Java management 

The Comply module now includes the option to use a locally installed Java runtime, instead of the Java bundled with the CIS-CAT Pro Assessor. 

  • You can toggle between using a compatible local Java installation or the bundled Java. 

  • When your locally installed Java version is specified, the bundled Java is automatically removed to streamline your environment. 

  • If you choose to revert to the bundled Java, it is automatically reinstalled.  

This enhancement is ideal for customers with specific Java version requirements or those looking to align with internal security and compliance policies. 

Secrets management for Podman installs

Starting in version 3.5.0, Podman-based installations use a secrets management mechanism to handle passwords and other sensitive information.

CIS-CAT Pro Assessor updates

SCM 3.5.0 and 2.25.0 include Assessor v4.55.0, featuring important security fixes and the following updates to operating system benchmarks.

Updated benchmarks:

  • CIS Ubuntu Linux 24.04 LTS STIG Benchmark v1.0.0 (new) 

  • CIS Microsoft Windows Server 2022 Benchmark v4.0.0 (updated from v3.0.0) 

  • CIS Microsoft Windows 10 Enterprise Benchmark v4.0.0 (updated from v3.0.0) 

  • CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0 (updated from v3.0.0) 

  • CIS Microsoft Windows 11 Stand-alone Benchmark v4.0.0 (updated from v3.0.0) 

  • CIS Microsoft Windows Server 2019 Benchmark v4.0.0 (updated from v3.0.1) 

  • CIS Apple macOS 13.0 Ventura Benchmark v3.1.0 (updated from v3.0.0) 

  • CIS Microsoft Windows Server 2022 Stand-alone Benchmark v1.0.0 (new) 

  • CIS Red Hat Enterprise Linux 9 STIG Benchmark v1.0.0 (new) 

  • CIS Apple macOS 14.0 Sonoma Benchmark v2.1.0 (updated from v2.0.0) 

  • CIS Apple macOS 15.0 Sequoia Benchmark v1.1.0 (new) 

  • CIS SUSE Linux Enterprise 12 Benchmark v3.2.1 (updated from v3.2.0) 

Removed benchmarks:

  • CIS Apple macOS 11.0 Big Sur Benchmark v4.0.0 

  • CIS Oracle Linux 7 Benchmark v4.0.0 

  • CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 

  • CIS Red Hat Enterprise Linux 7 STIG Benchmark v2.0.0 

  • CIS CentOS Linux 7 Benchmark v4.0.0 

  • CIS Debian Linux 10 Benchmark v2.0.0 

  • CIS Ubuntu Linux 18.04 LTS Benchmark v2.2.0

For full details of what's included in the release, see the official docs:

Comments 0 total

    Add comment