Introducing DORA and Full STIGs for VMware

The Runecast team is always working to find new ways to improve our customer experience. Each new product release adds a new layer of capabilities, designed to facilitate even faster times to resolution, meaning fewer risks in our customers’ environments. 

‍

Driven by customer feedback, Runecast version 6.7 introduces an industry first – VMware coverage for DORA security compliance.

‍

In this article, you will learn what Digital Operational Resilience Act (DORA) compliance is and why it is important for the financial sector, and how you can completely cover the full DISA STIG requirements by utilizing Runecast.

‍

To learn more about agentless VMware workload deployment and how to deploy it, refer to the Runecast Release Notes and to the Runecast User Guide. 

What are the improvements that current Runecast users will benefit from?

[fs-toc-h2]DORA compliance for VMware

‍

In another industry first, Runecast 6.7 now provides out of the box coverage for the Digital Operational Resilience Act (DORA), for VMware, which addresses a crucial issue in EU financial regulation. DORA specifically targets ICT risk, laying down rules for managing that risk, reporting incidents, testing operational resilience, and monitoring third-party ICT risk. 

‍

Runecast 6.7 provides the platform for assessing the risk, detailing an environment's compliance to DORA and pinpointing precisely how to remediate any issues found. This enables a quick resolution time and ensures that audits are successfully passed on the first attempt, consistently.

UPDATE: With the release of Runecast 6.8 on November 7, 2023, DORA compliance coverage was extended also to Windows and Linux operating systems.

‍

To learn more about DORA compliance see What is the Digital Operational Resilience Act (DORA)?

‍

[fs-toc-h2]100% DISA STIG Security Assessment Information for vSphere 7.0

‍

With the launch of Runecast 6.7, all 12 sections of the STIG security assessment are now encompassed. This ensures that all Department of Defense (DoD) agencies, organizations that are part of the DoD information networks (DoDIN), and defense contractors can achieve full compliance within their respective environments.   

‍

The VMware vSphere 7.0 STIGs are made up of the following:

‍

• VMware vSphere 7.0 ESXi STIG
• VMware vSphere 7.0 Virtual Machine STIG.  
• VMware vSphere 7.0 vCenter STIG
• VMware vSphere 7.0 vCenter Appliance ESX Agent Manager (EAM) STIG
• VMware vSphere 7.0 vCenter Appliance Lookup Service STIG
• VMware vSphere 7.0 vCenter Appliance Performance Charts (Perfcharts) STIG
• VMware vSphere 7.0 vCenter Appliance Photon Operating System (OS) STIG
• VMware vSphere 7.0 vCenter Appliance PostgreSQL STIG
• VMware vSphere 7.0 vCenter Appliance RhttpProxy STIG
• VMware vSphere 7.0 vCenter Appliance Secure Token Service (STS) STIG
• VMware vSphere 7.0 vCenter Appliance User Interface (UI) STIG
• VMware vSphere 7.0 Appliance Management Interface (VAMI) STIG

[fs-toc-h2]Other features that version 6.7 brings to our customers 

In addition to all the previously mentioned updates, version 6.7 brings extra capabilities to the platform. These improvements allow for more comprehensive vulnerability and security compliance and identification across all supported systems. The list below shows new profiles added with this version:

‍

• All Ubuntu CVEs dating back to 2020 are now included
• The ISO 27001 profile is enhanced to cover Microsoft Azure
• Cyber Essentials for AWS
• HIPAA for AWS
• CIS 1.7.1 for Kubernetes
• Remediation scripts added to cover DISA STIG profile rules for VMware vSphere
• Linux rules customization 
• New CVEs for Microsoft, Linux and Kubernetes
• All SUSE CVEs for 2020/2021/2022/2023

‍

Conclusion 

‍

Runecast version 6.7 provides complete DORA compliance and full DISA STIG compliance which provides the top 14 security compliance standards required by our customers, ensuring that organizations can stay ahead of audits with continuous compliance, and ensure greater uptime. 

‍

Runecast constantly includes new vulnerability information along with the latest updates to the security standards already covered.

‍

With quick access to data, our platform allows for greater insights into potential risks within your environment. This, in turn, accelerates the remediation process and helps to protect your infrastructure from potential threats. 

‍

We value your opinion and want to hear your feedback on this and future releases. There are several ways for you to provide feedback.

1. One way is through the "Give us feedback" option in the top menu within the Runecast UI. This allows you to directly submit your thoughts and suggestions to our team.
2. Another way is by enabling the "Improvement program" which you will find in Settings. By doing this you will opt-in to automatically share anonymous usage data and feedback with our team.
3. Or you can use our Contact Form.

‍

We believe that your input is crucial in helping us improve and enhance the user experience.

If you would like to find out more about how your teams can benefit from these and existing features, contact our team for a demo.