This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Kavan
Advisor
‎2021-11-24 07:10 AM

Compliance blade updates

Auditors want to see where/how the Check Point compliance blade keep up with the latest CVE updates.   Is there a place to see where those updates are configured?    In the overview page, I can see in system messages that the compliance blade update package has succeeded.  But they want to see where that's configured to automatically update the CVEs.   It does say Regulations will be updated automatically. 

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2021-11-24 11:17 PM

Specific CVE tracking is not within the scope of the Compliance blade. 

See a list here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsecurityalerts 

Alternately for an IPS focus, refer: https://www.checkpoint.com/advisories 

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor
‎2021-11-27 06:11 PM
In response to Chris_Atkinson

The compliance blade might be a great place to add the Security Alerts emails that come out on the CVEs for CP products.  Because they check every gw and manager, it would be a great place to show off the CVE patching was done, like the latest Apache email that came out.

 

It would be great to add a Check Point regulation and scan the gw for CVE compliance, meaning that recommended patches for CVE's to Check Point products were patched.   Even, Net App has a central product to look at its own CVEs.  I want and need to know if my gateway was patached for sk175806, CVE-2021-30358 before and after a JHF for example.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2021-11-28 03:40 AM
In response to Daniel_Kavan

Per sk120256 you can create user defined checks for GAiA OS based on a script which may suit your use case.

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor
‎2021-12-02 05:32 AM

 

Today the auditors are asking if CIS benchmarks are part of the compliance blade....

Has anyone seen anything writing, or a statement from a CheckPoint that states the CIS benchmarks are part of the compliance blade?

Thanks Chris!

I found the answer is YES in SANS Top 20 Critical Controls - SANS Institute, working in concert with the Center for Internet Security (CIS), has created a comprehensive security framework—the Critical Security Controls (CSC) for Effective Cyber Defense (often referred to as the SANS Top 20)1 —that provides organizations with a prioritized, highly focused set of actions that are implementable, usable, scalable, and compliant with global industry & government security requirements. These recommended security controls also serve as the foundation for many regulations & compliance frameworks, including NIST 800-53, PCI DSS 3.1, ISO 27002, CSA, HIPAA, and many others.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2021-12-02 07:26 AM
In response to Daniel_Kavan

This was posted recently FYI

https://community.checkpoint.com/t5/Compliance/CIS-Benchmarks/m-p/134755

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events