Shavlik NetChk Compliance Version History

3.0

Released 8/21/2007

New Features and Enhancements:

• Change Management Feature Group: This group of features provides management and reporting options around changes to security policy and machine security state. The group includes such options as reports on machine and policy changes; user notes on policy, machine, scan, and enforcements; export of machine and policy changes to for change management/ticketing systems; out-of-compliance reports filtering; and on-screen machine scan and change history. These features manage the data and automate reporting for review and auditing of change management processes.
• Custom Checks Wizard: With this wizard, users can define registry or services checks that are specific to their IT or security configuration requirements. Such items may include ensuring necessary services such as anti-virus are running or a specific configuration for the SNMP community string has been renamed, as required by PCI. The wizard approach allows users to quickly build with very limited key information checks that are tailored to their environment and even test the settings for correctness before including them in a policy.
• Context-Sensitive Reporting: Reports are generated based on where users are when viewing compliance results in the application when they generate the report.
• Start/Stop Services: Enterprises can turn off or turn on services as part of enforcement of their compliance policies. Previously, machines required a reboot to enforce starting or stopping a service as part of enforcement.
• New Scan Processing: Changes to the underlying scan engine enable processing of individual machine scan results as they are returned to the console. Earlier versions of NetChk Compliance managed scan results as a single entity. If scans did not fully complete, either intentionally or unintentionally, the portion of the results that had been completed was also lost. This capability removes this "all-or-nothing" scan behavior.
• File Link in Machine Groups: Enables customers to build and manage machine groups by linking to an external text file generated by an asset management system or other tools. Allows for more dynamic creation and management of machine groups. This file linking capability is also common to Shavlik's NetChk Protect product allowing for sharing of such linked files between Shavlik products.

Bug Fixes:

• IP range scanning issues addressed.
• Corrected errors related to scanned account names with apostrophes in name.
• Addressed regional settings issues.
• Fixed cut and paste issues on policy dashboard.

2.1

Released 4/17/2007

New Features and Enhancements:

• Shavlik Policy Dashboard: The policy dashboard provides a high-level view of your policy compliance state and trends. It permits configuration and monitoring to view a specific policy as applied to a machine group; the dashboard shows the current state of compliance for the policy and also compliance trending over time. New policies for patch and spyware items allow additional specific views for these items also.
• NIST 800-53 Framework: The controls framework used to address FISMA compliance is included and provides mappings to assist with FISMA compliance efforts. In addition, other frameworks are included such as Shavlik’s compliance checks categories and the ISO 17799 standard. Filters to view compliance checks, policy, scan results, and reporting allow drilldown into policy setup and compliance results using these various frameworks. New baselines incorporating best practices of the ISO 17799 and NIST 800-53 frameworks are also included.
• Vista Hardening Guide and Compliance Checks: Windows Vista as a new operating system includes compliance checks, such as User Account Control, that are new to Vista and others that also exist from past operating systems. A new hardening guide in the Compliance Info Center focuses on Vista and provides insights into securing this new operating system.

Bug Fixes:

• Added Account Expires field to Local Account Summary report.
• Removed no machines scanned message on cancelled scan.
• Added option for improved scan performance by omitting account scanning of machines with large numbers of accounts.
• Fixed .csv and .tsv file export issues on some reports.
• Added notification if database is not available.

2.0.2

Released 7/17/2006

New Features and Enhancements:

• Shavlik NetChk™ Compliance – Audit Edition: The Audit Edition provides all the functionality of the full edition of the product including the ability to create, monitor and report on established policies, providing a comprehensive measure of the current state of your network
• Shavlik NetChk™ Compliance – Operations Edition: The Operations edition provides access to the complete set of features in the Full Edition of the product, in addition to providing comprehensive policy enforcement capabilities. The Operations Edition does not include the integrated ISO 17799 security framework, which is a standard feature in both the Full and Audit Editions
• Scheduled Scanning: This new feature allows the user to specify when and how often a scan should be run. It also provides the means of performing automated enforcement.
• Import and Export Policies: This feature allows the user to export as well as import any policy, which will be beneficial to customers who have multiple installations of the application (i.e. Operations and Audit), and want to share polices that are already developed and approved.
• 110 Additional New Security Configuration Checks



Bug Fixes:

• None for this release