
Archive for 'Bandolier'

Bandolier Audit Files Put Through Their Paces

More exciting news from the Bandolier project… we are wrapping up some extensive collaborative testing with one of our vendor partners. It is the most thorough outside review of the Bandolier audit files to date and we are very pleased with the results. With each development and testing cycle, we are able to apply what [...]

Nessus WMI Compliance Checks

Tenable recently announced an additional feature for the Nessus compliance checks: support for WMI (Windows Management Instrumentation). I have used WMI for some scripting in the past and even played with WMIC. Still, I wasn’t sure how or if this capability would help with Bandolier, so I decided to use the WMI Object Browser [...]

Vendor Involvement in Bandolier Audit File Development

Once you’ve done something a few times, you learn what works well and what doesn’t. This is true for a lot of things in life and has certainly proven to be the case for the Bandolier audit file development process. The big lesson learned for Bandolier: vendor participation in the audit file development is extremely [...]

Bandolier Update: Audit Files Now Available in Alpha Versions

The first Bandolier results are out! We are pleased to announce that alpha versions of Bandolier audit files for Siemens Power TG and Telvent OASyS DNA are now available for download. These files, which work with the Nessus vulnerability scanner, will audit and compare your deployments with an optimal security configuration. They are available to [...]

More Nessus News: Tenable Adds Audit Files for AIX

Tenable Network Security, the makers of Nessus, announced today that they have added audit files for AIX. You can read more about it on the Tenable blog. It’s good to see more and more operating systems added to the list. We don’t have any AIX systems slated for Bandolier but I know that it’s out [...]

Nessus DirectFeed Gets a New Name and Goes on Sale

Since we just can’t seem to stop talking about naming issues related to the Bandolier project (Audit File vs. Template, Categories, Severity Ratings), here’s one more: Tenable is changing their Nessus DirectFeed product to ProfessionalFeed.  This annual subscription service is a prerequisite for using the Bandolier audit files. Among other things, it also gives you [...]

Bandolier: Audit File or Template – What’s in a Name?

One of the fun things about working for Digital Bond is that we get to share some of our back-end conversations and thought processes here on the blog when we feel they will be of benefit. We recently had one of those discussions regarding terminology for the Bandolier project.  It started something like this:
Dale: So [...]

Bandolier and NERC CIP

We’ve talked occasionally about using the Bandolier audit templates to help with various standards compliance efforts. There is now a SCADApedia article that more formally describes how and where Bandolier links to the NERC CIP requirements.
Earlier this week I presented on our DoE projects to the SPP CIPWG, a group particularly concerned with NERC CIP. [...]

Bandolier Update: First Set of Audit Templates Revealed

We have been working feverishly on Bandolier for several months now and have blogged about some of the issues and progress along the way. Notably absent, however, has been discussion about which applications we have assessed and which respective audit files are under development. So I am especially pleased to be able to announce the [...]

Bandolier – Take 3

There has been some talk on Bandolier on mailing lists and blogs, and it is clear that we have not done a good enough job describing what Bandolier will do and what Bandolier will not do. Actually, a number of these discussions have been helpful in understanding the best way to describe Bandolier to a [...]