This Rapid7® ControlsInsight® 2.0.1 release includes bug fixes and improvements related to assessment, guidance, and general display and formatting.
A number of improvements make assessments more accurate so that you can prioritize control deployment better:
- ControlsInsight now only assesses coverage for enabled UAC on assets running Windows XP SP3 or later. Earlier service packs are no longer included in the assessment because UAC is not applicable to them.
- Within the control category Assets with antivirus optimized, the individual controls are displayed in a chronologically meaningful order: 1) Assets with antivirus installed, 2) Assets with antivirus enabled, and 3) Assets with antivirus up to date.
- For control categories with multiple individual controls, the overall coverage assessment of the category is mathematically consistent with the percentages for the controls within the category. For example, the category Assets with high-risk applications up to date includes four controls, one each for a specific application. The overall percentage of the category now reflects the cumulative percentage of coverage for each of these applications.
- The priority order for the control Assets with passwords hardened has been has adjusted to make the assessment more accurate.
- When assessing assets for applied updates, ControlsInsight now correctly reports multiple installed versions versions of affected software.
Improvements to how procedures are presented make it easier for you to learn how to deploy security controls:
- Deployment procedures that reference external Web pages for Australian Defense Signals Directorate (DSD), NIST, and SANS security controls have been updated and corrected as necessary.
- Typos have been corrected for various control deployment procedures.
Corrections to text formatting, pagination, and graphics improve the appearance and navigation of the Web interface:
- Deployment procedure pages now display three primary references more prominently, and feature improvements for better readability.
- Colors of bars that show percentage of coverage for control categories have been adjusted for consistency with the bars that show percentage of coverage for controls within those categories.
- Scrolling issues related to dialog boxes have been corrected.
- The pagination for assets on the deployment procedures pages now displays correctly.
- A new tooltip on the Threats panel helps to convey more clearly that taking certain steps will improve the coverage assessment grade.
- Font display issues have been corrected in Firefox 23.
- Text formatting for deployment procedures is now consistent between the Web interface and the print-formatted pages and PDFs.
Nexpose logging errors related to anti-virus coverage assessments have been corrected.