News

News and Press Releases

    Page 1 of 6.
  • 1
  • 2
  • 3

https://www.vda.de

The verinice.TEAM has released the first beta version of the Information Security Assessment Version 4.1.0 of the German Association of the Automotive Industry (VDA ISA 4.1.0) for use in verinice. An english version is now also available. The corresponding CSV file can be found in the verinice.FORUM. (Please note: The initial post and the thread are German only, however the link for the English beta version is embedded.)

The current version can already be integrated into verinice and be used for asssessments. However, users should note that this beta version is explicitly intended for testing and not for productive use!

In addition, the following restrictions apply:

  • Module 24 Data Protection cannot yet be documented (supported with verinice 1.18 from week 15 2019).
  • The report templates will be supplemented by the modules 23 Third Party Integration and 25 Prototype Protection. They will be made available in the coming weeks (see Extension of the VDA ISA Report Templates for Version 4.1.0 1 – again: thread in German only).

All relevant notes as well as further details are also compiled in the corresponding thread in the verinice.FORUM. The verinice.TEAM is looking forward to feedback and a lively discussion.


The verinice.TEAM changes its release planning as of 2019: Two new versions will be released this year, the dates for a spring and an autumn release have already been set. Features for the respective versions will be presented in the verinice.FORUM (German only atm). 

The following release dates are planned:

  • verinice 1.18 in week 15 (8. - 12. April 2019)
  • verinice 1.19 in week 46 (11. - 15. November 2019)

In the "Roadmap" category (German only atm) in the verinice.FORUM, users can take a look at the features for future versions. They can also propose new features themselves or discuss specifications for already proposed features with the team and other verinice users.

The aim of the dates set and communicated at an early stage is to provide planning security and to be able to schedule updates of productive verinice systems in advance. As before, a feature freeze takes place one month before the release to ensure a thorough test phase.


The user's demand for a fast integration of the German Modernized Baseline Security framework by BSI made a new sub-release 1.17.2 of verinice. and verinice.PRO necessary. Detailed information about bugs and the applied solutions are available in our release notes

A new version of verinice-Client has been provided in our verinice.SHOP for download. Subscribers of verinice.PRO will find the new version 1.17.2 in the respective repositories. 

This update is mandatory for users of the Modernized Baseline Security framework.


Starting with version 1.18 verinice will include a Java Runtime Environment (JRE) of the AdoptOpenJDKinitiative. AdoptOpenJDK creates JRE which contain all security patches and may be used free of charge. For verinice users nothing will change: verinice will still contain a current JRE and the verinice.TEAM will keep the installation as easy as possible.

Previously (incl. version 1.17.x) verinice contained a JRE, which was published by Oracle free of charge. However, Oracle changed the Java release cycle and the license for the JRE in 2018, so that it will no longer be possible to deliver verinice with the Oracle JRE from 2019 on.

Further details and background information can be found in the verinice.FORUM (thread in German).


The verinice.TEAM has identified and fixed a problem in the recently released verinice.PRO 1.17: When sending mails for unfinished tasks a lot of reminder mails were sent within a short time instead of only every 7. Affected are only verinice servers. A new version verinice.PRO 1.17.1 with corresponding solution has already been released and is available in the .PRO repository.

verinice development manager Daniel Murygin: "We were able to react quickly and publish a hotfix. Our support, to whom the behavior was reported, and the development team worked closely and efficiently together".

Since the bug only affects verinice servers, there is no new client version or updates for the clients (verinice single-user version).


SerNet has released version 1.17 of the open source ISMS tool verinice. The verinice.TEAM presents an extensive update, which is especially relevant for working with the Modernized IT Baseline Protection of the German BSI: An optimized modeling as well as the possibility for preliminary hybrid modeling are decisive innovations. All details with extensive screenshots can be found in the Release Notes. The new version is available in the verinice.SHOP (for standalone users) or in the verinice.PRO repository.

Two important notes for verinice users come with the update:

  1. Automatic client updates are not possible for verinice 1.17! We have compiled all necessary information about manual updates in a HowTo. To update the verinice.PRO server to version 1.17, please use the package manager "yum" as usual (see details on the verinice.PRO update).
  2. When verinice 1.17 is started for the first time, all previous modeling in the Modernized IT Baseline Protection will be migrated to the new modeling. Therefore, please create a backup of all your information networks before each new installation or the first start of verinice 1.17.

verinice support budgets are now available in the verinice.SHOP. They provide quick and easy access to supporting services. In addition to individual contracts, SerNet is thus making flat-rate budgets available to customers all over the world.

With this step SerNet wants to make it easier for verinice users to have direct access to the expertise of the verinice.TEAM. Two advantages in particular are key: The contract is concluded immediately instead of having to be individually negotiated. In addition, all hourly rates are the same, regardless of whether technical support in the narrower sense or, for example, consulting is used to implement a standard. Within one hour after purchase, the project number is available, with which support requests can be made at any time by e-mail or, in urgent cases, by telephone.

A support budget purchased in the shop contains 10 hours of service at a price of 1200 Euro (net). Up to 4 of these budgets can be purchased at once and bundled for a 40-hour project (one working week). The support budgets include product support for verinice and verinice.PRO as well as all related queries for databases (PostgreSQL, Oracle), identity management (Active Directory, LDAP, etc.) and virtualization (VMWare) on Windows, Linux and macOS platforms.

Support budgets have a duration of 24 months. The monthly account statements as well as a final statement provide detailed information about all inquiries and used units. The smallest time unit for a support request is a quarter of an hour. All work is carried out by SerNet remotely by e-mail or telephone during the active support hours (Mon-Fri 8 - 18 CET).


Booth 204 in Hall 9 at it-sa 2018 is the place to go for everyone who wants to take a look at the latest developments in verinice. it-sa – the annual trade fair and meeting place for the IT security industry – will take place from October 9 to 12 in Nuremberg. SerNet will be there with verinice partners.

The verinice.TEAM of SerNet will be accompanied by Cassini, neam, SILA Consulting and TÜV TRUST IT.  They are all part of the verinice.PARTNER network and are happy to pass on their expertise on site. Together, SerNet and the partners will present verinice and provide insights into verinice 1.17, which will be published soon after it-sa. In addition, the partners will present their own services such as the establishment of a management system for information security, consulting for e.g. BSI IT Baseline Protection, ISO 27001 and ISIS12, audits, or support on the way to certification. c.a.p.e IT GmbH will present the integration between verinice.PRO and KIX Professional. uib will also be there, presenting opsi – the Open Source Client Management System.

Would you like to get to know verinice in general or specific contents such as the data protection module? Would you like to take a look at our implementation of the Modernized IT Baseline Protection and the Compendium? Would you like to know whether verinice is the right tool for you? Would you like to get to know some of our verinice.PARTNERS and their range of services? Then we look forward to welcoming you. We would also be happy to arrange a meeting with you in advance! Please send us an e-mail to itsa@remove-this.sernet.de.
 

Voucher codes

You can get free visitor tickets for a visit to it-sa via SerNet. To do this, visit http://www.it-sa.de/voucher/ and enter the voucher code A391225. With a visitor ticket, you can explore it-sa from 9 a.m. on any day.


SerNet has released the open source ISMS tool verinice in version 1.16. With this release, the team focuses on data protection and especially the GDPR. The combination of verinice and the Data Protection Module now makes it possible to comfortably document processing activities and to implement contracted data processing in compliance with EU law.

Data protection with verinice

The Data Protection Module supports the documentation of contracted data processing, contracting parties and services in accordance with Article 28 GDPR. Corresponding contracts can be integrated directly. Data protection expert Sirin Torun, who designed the Data Protection module, also draws attention to the ADV controls that she developed herself: "They form a catalogue of measures that supports the verification and documentation of order processing. The ADV controls can also be used for initial or follow-up audits."

For the list of processing activities according to the GDPR, the Data Protection Module provides an example catalogue with samples of procedures including exemplary solutions for typical data protection problems - easily adaptable to the respective company, enterprise and authorities and can be extended as required. Torun emphasizes: "A special feature is that the technical and organizational measures (TOMs) can be selected from the ISO 27001 controls or the German BSI IT Baseline Protection measures and are assigned to the data protection objectives of Article 32 GDPR". This enables users to find their way quickly and work efficiently. The resulting interface between data protection and information security management means a considerable value for users. Especially if the ISMS is documented with verinice, costs can be reduced and the documentation effort can be reduced.

All data from the Data Protection Module can also be aggregated in reports. A total of 12 reports summarize the necessary information on a special area or on an overview topic.

The Data Protection Module is currently only available in German. Also it requires a verinice subscription. SerNet is planning further updates for the data protection module in the near future. The next topics on the roadmap are data protection risk management and risk analysis as well as data protection impact assessment. Users of the current data protection module should have access to these new features.

Modernized IT Baseline Protection

verinice 1.16 also has some innovations to show for the implementation of the new BSI IT Baseline Protection. The Baseline Protection Compendium has been revised, an implementation status for requirements and measures has been added, an identifier marks links clearer and new object types represent the diverse documentation tasks of the modernized IT Baseline Protection. As well as the Data Protection Module, the new IT Baseline Protection is only available in German.

Details about verinice 1.16 can be found in the release notes and about the Data Protection Module on the product page in the verinice.SHOP (German only) – interested parties can also participate in one of our webinars and get a first impression. 


CentOS 7CentOS 7 is supported by verinice since the current 1.15 version – users can now switch to the newer version of the Linux distribution.

Updating servers from CentOS 6 to 7 is not possible, hence verinice must be set up and configured again. If needed, SerNet and the verinice.TEAM offer support with the transition. The verinice appliance will be available for CentOS 7 in a few weeks and will also simplify the reinstallation. Daniel Murygin, team lead software development: "Customers who are burning, but can now start with verinice 1.15 on a CentOS 7 server."

According to the end-of-support schedule, maintenance updates for the CentOS 6 series will be available until November 30, 2020. verinice will be available for CentOS 6 for the time being. Customers can continue to work with the combination verinice / CentOS 6 and schedule the change for a later date.


    Page 1 of 6.
  • 1
  • 2
  • 3

Search News

Press contact:

Claudia Krell
presse@remove-this.sernet.de

Archive:

English languageDeutsche SpracheLingua italianaČeský jazyk
© SerNet GmbH, 2019