Update - PAe ROCÍO, solution of audit of safety on configurations of communications equipment
the accesskey _ mod _ content

Updating ROCÍO, solution of audit of safety on configurations of communications equipment

05 July 2019


The solution, developed by the CCN, streamlines the process of audit of safety on configurations of communications equipment

The Centre PKIX has updated the National ROCÍO solution (Opens in new window) available at the portal of CCN-CERT, with the aim of facilitating the configuration of network devices, routers and switches of Cisco, Aruba and Telesus Cubiertas, as well as firewalls Fortigate. Thanks to ROCÍO, automate the basic tasks of audit, allowing the security leaders can check from a quick way, if your device is properly configured.

The analysis of compliance is based in safety standards contained in the guides CCN-STIC. Specifically, the safety guides CCN-STIC-641 Cisco Routers, CCN-STIC-643A security in Communications equipment. Cubiertas Telesis with OS AW +, CCN-STIC-644 Security in communications equipment Switches Cisco, CCN-STIC-647C switches Safety and Aruba HPE CCN-STIC-650 Fortigate firewall Security . These documents and provides a set of guidelines for safe configuration of communications equipment.

All this, based in the checking of a series of rules, developed by the CCN, on the configuration and the results of implementing certain commands in the teams consoles (rules that are updated periodically as manufacturers developed its operating systems and create new functionalities).

The solution is provided as a web interface which allows for storing configurations, select different packages of rules and generate reports of compliance.

To access the service requires installing a safety certificate in the browser, which must be requested in the contact email rocio@ccn-cert.cni.es , indicating name, contact telephone and agency applicant.

ROCÍO is one of their own solutions of audit of National PKIX Centre which, together with ANA (Opens in new window) (Automation and standardisation of Audits), PILLAR (Opens in new window) (Analysis and risk management), CLEAR (Opens in new window) (Compliance Audit ENS/STIC on systems Windows) and INES (Opens in new window) (Informe de Estado de Seguridad en el ENS), busca facilitar el análisis de equipos y sistemas a todos los responsables de seguridad.

Original source of the news (Opens in new window)

  • Security
General access point
General access point