The verinice.TEAM changes its release planning as of 2019: Two new versions will be released this year, the dates for a spring and an autumn release have already been set. Features for the respective versions will be presented in the verinice.FORUM.
The following release dates are planned:
In the "Roadmap" category in verinice.FORUM, users can take a look at the features for future versions. They can also propose new features themselves or discuss specifications for already proposed features with the team and other verinice users.
The aim of the dates set and communicated at an early stage is to provide planning security and to be able to schedule updates of productive verinice systems in advance. As before, a feature freeze takes place one month before the release to ensure a thorough test phase.
The user's demand for a fast integration of the German Modernized Baseline Security framework by BSI made a new sub-release 1.17.2 of verinice. and verinice.PRO necessary. Detailed information about bugs and the applied solutions are available in our release notes.
A new version of verinice-Client has been provided in our verinice.SHOP for download. Subscribers of verinice.PRO will find the new version 1.17.2 in the respective repositories.
This update is mandatory for users of the Modernized Baseline Security framework.
Starting with version 1.19 verinice will include a Java Runtime Environment (JRE) of the AdoptOpenJDK initiative. AdoptOpenJDK creates JRE which contain all security patches and may be used free of charge. For verinice users nothing will change: verinice will still contain a current JRE and the verinice.TEAM will keep the installation as easy as possible.
Previously (incl. version 1.18) verinice contained a JRE, which was published by Oracle free of charge. However, Oracle changed the Java release cycle and the license for the JRE in 2018, so that it will no longer be possible to deliver verinice with the Oracle JRE from 2019 on.
Further details and background information can be found in the verinice.FORUM (thread in German).
The verinice.TEAM has identified and fixed a problem in the recently released verinice.PRO 1.17: When sending mails for unfinished tasks a lot of reminder mails were sent within a short time instead of only every 7. Affected are only verinice servers. A new version verinice.PRO 1.17.1 with corresponding solution has already been released and is available in the .PRO repository.
verinice development manager Daniel Murygin: "We were able to react quickly and publish a hotfix. Our support, to whom the behavior was reported, and the development team worked closely and efficiently together".
Since the bug only affects verinice servers, there is no new client version or updates for the clients (verinice single-user version).
SerNet has released version 1.17 of the open source ISMS tool verinice. The verinice.TEAM presents an extensive update, which is especially relevant for working with the Modernized IT Baseline Protection of the German BSI: An optimized modeling as well as the possibility for preliminary hybrid modeling are decisive innovations. All details with extensive screenshots can be found in the Release Notes. The new version is available in the verinice.SHOP (for standalone users) or in the verinice.PRO repository.
Two important notes for verinice users come with the update:
verinice support budgets are now available in the verinice.SHOP. They provide quick and easy access to supporting services. In addition to individual contracts, SerNet is thus making flat-rate budgets available to customers all over the world.
With this step SerNet wants to make it easier for verinice users to have direct access to the expertise of the verinice.TEAM. Two advantages in particular are key: The contract is concluded immediately instead of having to be individually negotiated. In addition, all hourly rates are the same, regardless of whether technical support in the narrower sense or, for example, consulting is used to implement a standard. Within one hour after purchase, the project number is available, with which support requests can be made at any time by e-mail or, in urgent cases, by telephone.
A support budget purchased in the shop contains 10 hours of service at a price of 1200 Euro (net). Up to 4 of these budgets can be purchased at once and bundled for a 40-hour project (one working week). The support budgets include product support for verinice and verinice.PRO as well as all related queries for databases (PostgreSQL, Oracle), identity management (Active Directory, LDAP, etc.) and virtualization (VMWare) on Windows, Linux and macOS platforms.
Support budgets have a duration of 24 months. The monthly account statements as well as a final statement provide detailed information about all inquiries and used units. The smallest time unit for a support request is a quarter of an hour. All work is carried out by SerNet remotely by e-mail or telephone during the active support hours (Mon-Fri 8 - 18 CET).
Booth 204 in Hall 9 at it-sa 2018 is the place to go for everyone who wants to take a look at the latest developments in verinice. it-sa – the annual trade fair and meeting place for the IT security industry – will take place from October 9 to 12 in Nuremberg. SerNet will be there with verinice partners.
The verinice.TEAM of SerNet will be accompanied by Cassini, neam, SILA Consulting and TÜV TRUST IT. They are all part of the verinice.PARTNER network and are happy to pass on their expertise on site. Together, SerNet and the partners will present verinice and provide insights into verinice 1.17, which will be published soon after it-sa. In addition, the partners will present their own services such as the establishment of a management system for information security, consulting for e.g. BSI IT Baseline Protection, ISO 27001 and ISIS12, audits, or support on the way to certification. c.a.p.e IT GmbH will present the integration between verinice.PRO and KIX Professional. uib will also be there, presenting opsi – the Open Source Client Management System.
Would you like to get to know verinice in general or specific contents such as the data protection module? Would you like to take a look at our implementation of the Modernized IT Baseline Protection and the Compendium? Would you like to know whether verinice is the right tool for you? Would you like to get to know some of our verinice.PARTNERS and their range of services? Then we look forward to welcoming you. We would also be happy to arrange a meeting with you in advance! Please send us an e-mail to itsa@. sernet.de
You can get free visitor tickets for a visit to it-sa via SerNet. To do this, visit http://www.it-sa.de/voucher/ and enter the voucher code A391225. With a visitor ticket, you can explore it-sa from 9 a.m. on any day.
SerNet has released the open source ISMS tool verinice in version 1.16. With this release, the team focuses on data protection and especially the GDPR. The combination of verinice and the Data Protection Module now makes it possible to comfortably document processing activities and to implement contracted data processing in compliance with EU law.
The Data Protection Module supports the documentation of contracted data processing, contracting parties and services in accordance with Article 28 GDPR. Corresponding contracts can be integrated directly. Data protection expert Sirin Torun, who designed the Data Protection module, also draws attention to the ADV controls that she developed herself: "They form a catalogue of measures that supports the verification and documentation of order processing. The ADV controls can also be used for initial or follow-up audits."
For the list of processing activities according to the GDPR, the Data Protection Module provides an example catalogue with samples of procedures including exemplary solutions for typical data protection problems - easily adaptable to the respective company, enterprise and authorities and can be extended as required. Torun emphasizes: "A special feature is that the technical and organizational measures (TOMs) can be selected from the ISO 27001 controls or the German BSI IT Baseline Protection measures and are assigned to the data protection objectives of Article 32 GDPR". This enables users to find their way quickly and work efficiently. The resulting interface between data protection and information security management means a considerable value for users. Especially if the ISMS is documented with verinice, costs can be reduced and the documentation effort can be reduced.
All data from the Data Protection Module can also be aggregated in reports. A total of 12 reports summarize the necessary information on a special area or on an overview topic.
The Data Protection Module is currently only available in German. Also it requires a verinice subscription. SerNet is planning further updates for the data protection module in the near future. The next topics on the roadmap are data protection risk management and risk analysis as well as data protection impact assessment. Users of the current data protection module should have access to these new features.
verinice 1.16 also has some innovations to show for the implementation of the new BSI IT Baseline Protection. The Baseline Protection Compendium has been revised, an implementation status for requirements and measures has been added, an identifier marks links clearer and new object types represent the diverse documentation tasks of the modernized IT Baseline Protection. As well as the Data Protection Module, the new IT Baseline Protection is only available in German.
Details about verinice 1.16 can be found in the release notes and about the Data Protection Module on the product page in the verinice.SHOP (German only) – interested parties can also participate in one of our webinars and get a first impression.
CentOS 7 is supported by verinice since the current 1.15 version – users can now switch to the newer version of the Linux distribution.
Updating servers from CentOS 6 to 7 is not possible, hence verinice must be set up and configured again. If needed, SerNet and the verinice.TEAM offer support with the transition. The verinice appliance will be available for CentOS 7 in a few weeks and will also simplify the reinstallation. Daniel Murygin, team lead software development: "Customers who are burning, but can now start with verinice 1.15 on a CentOS 7 server."
According to the end-of-support schedule, maintenance updates for the CentOS 6 series will be available until November 30, 2020. verinice will be available for CentOS 6 for the time being. Customers can continue to work with the combination verinice / CentOS 6 and schedule the change for a later date.
The verinice.TEAM has released the ISMS tool verinice in version 1.15. Main changes are the integration of the Modernized IT Baseline Protection issued by the German BSI (Federal Office for Information Security) and support of the EU GDPR. Publisher SerNet provides verinice and verinice.PRO for download in the verinice.SHOP or in the customer repository. The release also includes enhancements in various areas such as search and indexing, report query, and the web frontend.
verinice 1.15 and the enhanced Data Privacy Module enable working with the EU GDPR. The extended Module will be available for download in the verinice.SHOP or in the update repository soon: In addition to the mapping of the dircetory of processings, it also supports the required documentation for contract data processing. Until the deadline in May, additional extensions for the Modul are planned. They include risk management for data privacy and the data privacy impact assessment.
verinice 1.15 is the first version that implements the Modernized IT Baseline Protection according to the new BSI standards 200-1, 200-2 and 200-3.
More updates for verinice are on the horizon this year. These are intended to integrate the still missing content from the BSI. verinice Product Owner Michael Flürenbrock: "Users should be able to work with the latest version of the new Baseline Protection in verinice in a timely manner." In particular, risk management and the migration from the previous IT Baseline Protection Catalog to the IT Baseline Protection Compendium are among the expected BSI updates.
verinice users will receive the new versions as part of their ongoing subscriptions.
In verinice 1.15 the REST interface was expanded. The verinice.TEAM is working closely with Chemnitz (Germany) based c.a.p.e IT, manufacturer of the OTRS-based ticket system KIX. Thus, after Greenbone / OpenVAS now another IT service management (ITSM) tool is directly linked to verinice.
The verinice.XP from 21 to 23 March 2018 evolves around verinice. All users of the ISMS tool are invited to Berlin In addition to lectures on innovations such as the Modernized IT Baseline Protection and data privacy in verinice, participants can also expect reports from daily practice, e.g. for use at Berlin Brandenburg Airport, Europ Assistance or for industries such as finance and insurance, water companies and hosters. Tickets and more information at verinicexp.org.