Security Compliance Management 3.1.0 and 2.21.0 are available

[Puppet Product Updates]

We’re excited to announce the release of Security Compliance Management (SCM) versions 3.1.0 and 2.21.0. Both releases include several important enhancements that add value for Puppet Enterprise customers.

New in 3.1.0 and 2.21.0

Desired compliance enhancements

A new Manage desired compliance feature in the SCM console improves efficiency and time-to-value by allowing users to assign operating system-specific compliance benchmarks and profiles. These desired compliance settings are automatically applied to nodes in the inventory, streamlining the onboarding process by removing the need to manually set up desired compliance when new nodes are added.

In addition, to facilitate integration with custom workflows and systems, public API capabilities are extended to allow programmatic setting of desired compliance, and the retrieval of benchmark information for nodes.

Start scans through the API
Scans can now be started programmatically through the SCM public API, enabling seamless integration of scans into CI/CD pipelines and workflows.

Updated CIS benchmarks
To cover the latest security compliance recommendations and benchmarks published by the Center for Internet Security (CIS), SCM 3.1.0 and 2.21.0 ship v4.42.0 of the CIS-CAT Pro Assessor. This includes the following benchmark updates:

• Debian Linux 12 v1.0.1
• Microsoft Windows 11 Stand-alone v3.0.0
• Microsoft Windows Server 2019 v3.0.1
  
  

Learn more about upgrading to the latest version of SCM .

Resolved in 2.21.0:

• A bug that caused existing rule exceptions to disappear after upgrading.
• A bug affecting the search bar on the exceptions page.
• A bug that caused some macOS nodes to be shown as Darwin nodes on the Inventory page.
• An issue where the scarpy container would not start following an upgrade.
• Security fixes.

Resolved in 3.1.0:

• A bug in the 3.x installer (complyadm) that prevented the Bolt plan for 2.x to 3.x migration from succeeding if localhost was specified as the target.
• An issue in the 3.x installer (complyadm) where an error would occur when custom certificates were used for mTLS configuration.
• An issue that could prevent existing scheduled scans from running after a migration from SCM version 2.x to 3.x.
• A bug affecting the search bar on the exceptions page.
• A bug that caused some macOS nodes to be shown as Darwin nodes on the Inventory page.
• Security fixes.

For more information, see the Security Compliance Management docs:

•  3.1.0 release notes
•  2.21.0 release notes

This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.