びびなび : World : () World

Migration from Chef InSpec and AWS Inspector to Tenable Security Center








CMS Cloud


Migration from Chef InSpec and AWS Inspector to Tenable Security Center

________________________________________________________________________



Summary

On *June 18th, 2024*, CMS Hybrid Cloud will decommission Chef InSpec and AWS Inspector in favor of adopting Tenable Security Center [ https://www.tenable.com/products/security-center ] as our official enterprise tool for vulnerability and compliance scanning. Please follow the provided remediation guidance [ https://cloud.cms.gov/remediating-tenable-compliance-findings-on-pre-may-2024-gis ] to resolve any additional findings as a result of this migration. Additionally, please check out our related documentation such as how to view findings in AWS Security Hub [ https://cloud.cms.gov/working-with-findings-aws-security-hub ], and our introduction to the Tenable Security Center [ https://cloud.cms.gov/getting-started-with-tenable ], etc.

**Amazon Linux 2 (AL2), Red Hat Enterprise Linux 7 (RHEL7), and Red Hat Enterprise Linux 8 (RHEL8)* customers may require further action*. See the "Impact" section below for more information. 

Benefits

Tenable Security Center [ http://tenable.sc/Nessus ] greatly improves vulnerability and compliance coverage compared to AWS Inspector and Chef Inspec. Tenable Security Center offers longer term support, comprehensive coverage, and consolidates reporting with all findings now available to report in Tableau. Regarding cost savings, Tenable Security Center provides these improvements at a lower cost than previous tooling.

Timeline

* *May 17th, 2024*: CMS Gold Images (GI) were published which will automatically scan via Tenable Security Center. 
* *June 18th, 2024*: Chef InSpec and AWS Inspector will be decommissioned*.* Tenable Security Center will be the official tool for vulnerability and compliance scanning.*
*
* *By June 30th, 2024*: CMS Customers will receive findings via Tenable Security Center.

Additional details were sent on June 10th, 2024.

Impact

* *AL2 and RHEL8 customers may receive additional findings. "Remediation options are as follows:"*

* The CMS Hybrid Cloud Team recommends consuming the CMS GIs released on *May 17th, 2024* or any GIs after.
* Please follow the remediation guidance [ https://cloud.cms.gov/remediating-tenable-compliance-findings-on-pre-may-2024-gis ] provided to resolve any additional findings.

* *Customers still using RHEL7 may also receive findings. Please prioritize upgrading to RHEL8*.
* As RHEL7 reaches end-of-life at the end of June 2024, please reach out to your IUSG Advisor for any help upgrading to RHEL8.

* Reporting sources should be switched from Chef InSpec and AWS Inspector to Tenable Security Center findings.

Learn More

* CMS has adopted Tenable Security Center [ https://cloud.cms.gov/getting-started-with-tenable ]
* Working with Endpoint Findings in AWS Security Hub [ https://cloud.cms.gov/working-with-endpoint-findings-aws-security-hub ]
* Learn about Vulnerability Scanning [ https://cloud.cms.gov/vulnerability-scanning ]
* Learn about Database Protection [ https://cloud.cms.gov/database-protection ]

Questions

We look forward to working with you and your team on this effort. Reach out to your IUSG Advisor with any questions or to get help by creating a Hybrid Cloud Support ticket [ https://jiraent.cms.gov/plugins/servlet/desk/portal/22 ] and selecting the "Request Type" as "Security Hub: Finding".



Office of Information Technology




You are subscribed to receive email messages about CMS Cloud Operations, Changes, and Outages from the Centers for Medicare & Medicaid Services (CMS).

To update your subscription(s), preferences or to stop receiving messages from the CMS Cloud Operations, Changes, and Outages Updates- distribution list, please go to our Subscriber Preferences Page [ https://public.govdelivery.com/accounts/USCMS/subscriber/new?category_id=USCMS_C176 ].

________________________________________________________________________

This email was sent to mshinji3056@gmail.com using GovDelivery Communications Cloud 7500 Security Boulevard · Baltimore MD 21244


body .abe-column-block {min-height: 5px;}