1. Introduction
2. Licensing
3. Installing SIMP EE
4. Server install from RPM
5. Server install from ISO
6. Upgrade SIMP EE
7. Server Installation via Control Repo
8. Enable SIMP Compliance Engine
9. Configure SIMP Compliance Engine
10. Included Compliance Profiles
11. Console install via Puppet
12. Agent Install via Puppet
13. Simp-downloader script Reference
14. Coverage - CIS, Windows
15. Coverage - CIS, Linux
16. Coverage - CMMC, Windows
17. Coverage - CMMC, Linux
18. Coverage - DISA, Windows
19. Coverage - DISA, Linux
20. Coverage - NIST 800-171 r2, Windows
21. Linux DISA Module Usage
22. Windows CIS module usage
23. Linux CIS Module Usage

Included Compliance Profiles

The following profiles are provided with SIMP Enterprise. Use these profile names in the SIMP Compliance Engine configuration to report on and enforce these industry standard benchmarks.

RHEL / CentOS / Oracle Linux 7 and 8

Center for Internet Security (CIS) - Linux

Control coverage details are documented here. Compliance module usage details are documented here.

• cis:level:1:server
• cis:level:2:server

Additionally, based on Controls mappings provided by CIS, we provide the following profiles.

US Department of Defense Cybersecurity Maturity Model Certification (CMMC)

• cmmc:level:1
• cmmc:level:2
• cmmc:level:3
• cmmc:level:4
• cmmc:level:5

US Defense Information Systems Agency (DISA)

Control coverage details are documented here. Compliance module usage details are documented here.

• disa:mac-1:classified
• disa:mac-1:public
• disa:mac-1:sensitive
• disa:mac-2:classified
• disa:mac-2:public
• disa:mac-2:sensitive
• disa:mac-3:classified
• disa:mac-3:public
• disa:mac-3:sensitive

Windows Server 2012 / 2012 R2 / 2016 / 2019

Center for Internet Security (CIS) - Windows

Control coverage details are documented here. Compliance module usage details are documented here.

• cis:level:1:domain:controller
• cis:level:2:domain:controller
• cis:level:1:member:server
• cis:level:2:member:server

Please note the following profiles are only defined by CIS on Windows 2016 and 2019. They provide enforcement for boot and virtualization options that are not available in previous versions of Windows. If needed, these profiles should be specified in addition to Level 1 or Level 2 profiles.

• cis:next:generation:windows:security:domain:controller
• cis:next:generation:windows:security:member:server

Additionally, based on Controls mappings provided by CIS, the following profiles are provided.

US Department of Defense Cybersecurity Maturity Model Certification (CMMC)

• cmmc:level:1
• cmmc:level:2
• cmmc:level:3
• cmmc:level:4
• cmmc:level:5

US Defense Information Systems Agency (DISA)

Control coverage details are documented here.

• disa:mac-1:classified
• disa:mac-1:public
• disa:mac-1:sensitive
• disa:mac-2:classified
• disa:mac-2:public
• disa:mac-2:sensitive
• disa:mac-3:classified
• disa:mac-3:public
• disa:mac-3:sensitive

Additionally, based on Controls mappings provided by NIST, the following profiles are provided for Windows 2012r2, 2016, and 2019.

NIST SP 800-171

• nist:sp:800:171:r2

HIPAA

• hipaa