Daniel_Kavan
Advisor

Compliance blade updates


Auditors want to see where/how the Check Point compliance blade keeps up with the latest CVE updates. Is there a place to see where those updates are configured? In the overview page, I can see in system messages that the compliance blade update package has succeeded. But they want to see where that's configured to automatically update the CVEs. It does say Regulations will be updated automatically.

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee

Per sk120256 you can create user defined checks for GAiA OS based on a script which may suit your use case.


5 Replies
Chris_Atkinson
Employee

Specific CVE tracking is not within the scope of the Compliance blade.

More commonly this would be an IPS focus, refer: https://www.checkpoint.com/advisories 

Daniel_Kavan
Advisor

The compliance blade might be a great place to add the Security Alerts emails that come out on the CVEs for CP products. Because they check every gw and manager, it would be a great place to show off that the CVE patching was done, like the latest Apache email that came out.

0 Kudos
Chris_Atkinson
Employee

Per sk120256 you can create user defined checks for GAiA OS based on a script which may suit your use case.


Daniel_Kavan
Advisor

 

Today the auditors are asking if CIS benchmarks are part of the compliance blade....

Has anyone seen anything in writing, or a statement from Check Point, that states the CIS benchmarks are part of the compliance blade?

Thanks Chris!

I found the answer is YES in SANS Top 20 Critical Controls - SANS Institute, working in concert with the Center for Internet Security (CIS), has created a comprehensive security framework—the Critical Security Controls (CSC) for Effective Cyber Defense (often referred to as the SANS Top 20)—that provides organizations with a prioritized, highly focused set of actions that are implementable, usable, scalable, and compliant with global industry & government security requirements. These recommended security controls also serve as the foundation for many regulations & compliance frameworks, including NIST 800-53, PCI DSS 3.1, ISO 27002, CSA, HIPAA, and many others.

0 Kudos
Chris_Atkinson
Employee
0 Kudos