Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Kavan
Advisor

Compliance blade updates

Auditors want to see where/how the Check Point compliance blade keep up with the latest CVE updates.   Is there a place to see where those updates are configured?    In the overview page, I can see in system messages that the compliance blade update package has succeeded.  But they want to see where that's configured to automatically update the CVEs.   It does say Regulations will be updated automatically. 

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee

Specific CVE tracking is not within the scope of the Compliance blade. 

See a list here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsecurityalerts 

Alternately for an IPS focus, refer: https://www.checkpoint.com/advisories 

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor

The compliance blade might be a great place to add the Security Alerts emails that come out on the CVEs for CP products.  Because they check every gw and manager, it would be a great place to show off the CVE patching was done, like the latest Apache email that came out.

 

It would be great to add a Check Point regulation and scan the gw for CVE compliance, meaning that recommended patches for CVE's to Check Point products were patched.   Even, Net App has a central product to look at its own CVEs.  I want and need to know if my gateway was patached for sk175806, CVE-2021-30358 before and after a JHF for example.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Per sk120256 you can create user defined checks for GAiA OS based on a script which may suit your use case.

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor

 

Today the auditors are asking if CIS benchmarks are part of the compliance blade....

Has anyone seen anything writing, or a statement from a CheckPoint that states the CIS benchmarks are part of the compliance blade?

Thanks Chris!

I found the answer is YES in SANS Top 20 Critical Controls - SANS Institute, working in concert with the Center for Internet Security (CIS), has created a comprehensive security framework—the Critical Security Controls (CSC) for Effective Cyber Defense (often referred to as the SANS Top 20)1 —that provides organizations with a prioritized, highly focused set of actions that are implementable, usable, scalable, and compliant with global industry & government security requirements. These recommended security controls also serve as the foundation for many regulations & compliance frameworks, including NIST 800-53, PCI DSS 3.1, ISO 27002, CSA, HIPAA, and many others.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

This was posted recently FYI

https://community.checkpoint.com/t5/Compliance/CIS-Benchmarks/m-p/134755

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events