Sicura Enterprise Edition

Windows CIS module usage


This module has been tested and is supported on Domain Controllers, Domain Members, and standalone systems running the following Windows versions:

CIS recommendations in section 19 contain settings that must be enforced per user. These settings are not easily enforced via Puppet at this time. To enforce these recommendations, we have provided Group Policy templates with compliant settings in the files folder of the module. By default, these templates are copied to C:\Windows\Temp\SIMP-GP on all Domain Controllers. To change the destination directory, set the following parameter in Hiera at a higher level than compliance_markup:

simp_enterprise_windows_cis::usergpo_dest_folder: 'C:\Windows\Temp\SIMP-GP'

To disable copying the template files to Domain Controllers, set the following parameter in Hiera at a higher level than compliance_markup:

simp_enterprise_windows_cis::add_usergpo_templates: false

To import the template to Active Directory:

  1. Create a new Group Policy Object in Active Directory.
    • Settings can also be imported into existing Group Policy Objects, but this is not recommended.
  2. Right-click the new GPO and select Import Settings.
  3. Click Next on the initial description screen.
  4. Click Next on the backup screen.
  5. Click Browse on the backup location screen and select either USER-L1 or USER-L2 from C:\Windows\Temp\SIMP-GP. Click OK to return to the import wizard. Click Next to continue.
    • The ‘USER-L1’ folder contains the settings for L1 profiles, and the ‘USER-L2’ folder contains settings for L2 profiles. If you wish to enforce an L2 profile, you will need to import settings for both L1 and L2.
  6. Click the name of the backup in the list if it is not already selected, then click Next.
  7. Click Next on the Scanning Backup screen.
  8. Click Finish on the completion summary screen.
  9. Link the new GPO to the Organizational Units containing user accounts.
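
The import steps above can also be scripted with the GroupPolicy PowerShell module. This is an added example, not code shipped with the module. It assumes the GroupPolicy module (GPMC/RSAT) is available, that USER-L1 and USER-L2 are standard GPO backup directories each holding a single {GUID} backup subfolder, and it uses placeholder GPO names and a placeholder OU distinguished name.

```powershell
#Requires -Modules GroupPolicy
# Added example: scripted equivalent of the GPMC import steps.
param(
    # Default value of simp_enterprise_windows_cis::usergpo_dest_folder
    [string]$TemplateRoot = 'C:\Windows\Temp\SIMP-GP',
    [ValidateSet('L1', 'L2')]
    [string]$Level = 'L1',
    # Placeholder DN: replace with the OU that holds your user accounts.
    [string]$UserOu = 'OU=Users,OU=Example,DC=example,DC=com'
)

$ErrorActionPreference = 'Stop'

# Enforcing an L2 profile requires importing both the L1 and the L2 settings.
$folders = if ($Level -eq 'L2') { 'USER-L1', 'USER-L2' } else { 'USER-L1' }

foreach ($folder in $folders) {
    $backupDir = Join-Path $TemplateRoot $folder

    # Assumption: the backup ID is the name of the single {GUID} subfolder.
    $backups = @(Get-ChildItem -Path $backupDir -Directory |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' })
    if ($backups.Count -ne 1) {
        throw "Expected exactly one GPO backup in $backupDir, found $($backups.Count)."
    }

    # Hypothetical GPO name. One new GPO per folder, because an import
    # replaces whatever settings the target GPO already holds.
    $gpoName = "SIMP CIS $folder"
    if (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue) {
        throw "GPO '$gpoName' already exists; refusing to overwrite its settings."
    }

    # Steps 1-8: create the GPO and import the backup into it.
    Import-GPO -BackupId ([guid]$backups[0].Name) -Path $backupDir `
        -TargetName $gpoName -CreateIfNeeded | Out-Null

    # Step 9: link the GPO to the OU containing user accounts.
    New-GPLink -Name $gpoName -Target $UserOu -LinkEnabled Yes | Out-Null
    Write-Output "Imported $folder into '$gpoName' and linked it to $UserOu"
}
```

Run it from an elevated session with rights to create and link GPOs, and review the resulting GPOs in GPMC before relying on them.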