Release Notes: Nipper v3.x.x

This document describes the new features and functionality changes in this release of Nipper v3.x.x. The major release of v3.0.0 and all subsequent minor releases are included.

About This Release

Version 3.0.0 of Nipper is the latest major release of Nipper from Titania. Not only does the software include numerous new features, but the underlying architecture of Nipper has also been enhanced along with the infrastructure used to complete audits. These changes collectively mean that Nipper is now even more powerful than ever.

Compatible Products

This product has been tested on the following platforms or with the following products:

  • Microsoft Windows 11

Other versions of Microsoft Windows may be compatible with Nipper v3.0.0 but may have limited functionality.

Installation & Licensing

Existing users of Titania with an active license will be able to download this updated version and activate using their existing license credentials (serial number & activation code). Users currently running Nipper v2.x.x will be able to continue to use Nipper v2.x.x alongside Nipper v3.0.0.

Nipper v2.x.x will cease to be supported by Titania in line with the product lifecycle.

New users will be issued with new license credentials (serial number & activation code) for use when they first install Nipper v3.0.0.

 

Updates

The following features have been enhanced in this release:

  • Security Audit: Now known as the Best Practice Security Audit. In the resulting report, the checks used to assess the configuration of devices return descriptions of what was checked as well as findings that describe what Nipper has identified, allowing users to clearly understand what is being checked for, the outcome and how this affects their security posture.

  • Vulnerability Audit: A risk prioritized, exception zero-trust policy enforcement report enhances the NIST NVD Report available in Nipper v2.x.x by now including change tracking, findings for pass & fail instead of just highlighting fails and any associated ratings.

  • Raw Configuration Report: Now includes change tracking, helping developers and teams maintain an audit trail of all changes to configuration settings. Change tracking helps demonstrate compliance with regulations and provides transparency into who made what changes and when.

  • Appendix: Previously available as a separate report, this has now been integrated into the Nipper v3.0.0 common report settings.

  • Settings: Further settings have been added to Nipper v3.0.0 allowing users to configure Nipper more precisely to their individual requirements.

  • Audit Scopes: Nipper v2.x.x allowed specific IP scoping only. Nipper v3.0.0 has been enhanced to allow users to specify which IP addresses to include/exclude, which audit reports should be scoped and whether to include/exclude report sections, ensuring greater configurability.

  • Cisco PSIRT Audit: As in Nipper v2.x.x, users can evaluate and analyze Cisco products and networks for potential security weaknesses. Vulnerabilities are now rated against CVSS v3.5 by default but can also now be rated using all other versions of CVSS scoring (v1, v2 and v3).

  • DISA STIG Compliance Audit: The STIG audit in Nipper v3.0.0 is now a risk-prioritized, evidentiary pass and fail compliance assessment report, meaning users can now not only provide evidence of compliance but also identify areas of vulnerability and prioritize the work required to improve their overall security posture. Additionally, STIG coverage has been greatly increased to include more device-specific STIGs, ensuring the environment is audited with the most appropriate guidelines. Nipper v3.0.0 automatically selects the appropriate STIG benchmarks configured for a device, with further generic benchmarks available to support where device-specific ones are not available.

  • NIST 800-53 Audit: Assess compliance with security requirements recommended in NIST Special Publication 800-53. Controls are assessed against DISA STIGs and mapped using common correlation indicators with pass/fail findings included in the report along with ratings. Report now includes change tracking, gives findings for pass & fail instead of just highlighting fails and ratings, helping users demonstrate compliance with security guidelines.

 

New Features

The following new features appear in this release:

  • Save Report As: Users are now able to export Nipper v3.0.0 reports in a wider range of recognized formats, ensuring data can be more easily manipulated to meet individual requirements.

  • Ratings: Nipper v3.0.0 now supports the latest versions of the Nipper, CVSS (v3.1, v3, v2 and v1), STIG and Cisco SIR rating systems, which can now be viewed in a variety of forms to help better visualize the significance of the findings. Users can also manually set the order preference of the rating systems used in reports that support multiple rating systems.

  • Report Browser: Nipper v3.0.0 has a new Report Browser, enabling users to quickly and easily navigate audit reports using a large-report scroll bar and expandable/clickable sub-headings. Compliance results can be modified, user notes can be added, and findings can be excluded. Notes, exclusions, and modified results can be remembered and applied each time the same device, type of device or all devices are audited in the future.

  • Improved System Architecture: Updated, modular system architecture improves Nipper’s performance as well as providing a stable platform to add new devices, reports and other features. Updates to resources such as STIGs, NVDs, NIST and other compliance guidelines will be available independently of software releases.

  • Improved GUI: General usability improvements to the GUI have been implemented, including tabbed navigation, a progress indicator showing as a percentage how close the user is to the report starting to run, and more. These improve the overall experience so users can run audits and create reports to get the information they need more quickly and easily.

Minor release updates

v3.0.1

  • September 19, 2023

    Titania internal development release

v3.0.2

  • September 29, 2023

    New Features

    • No new features included in this release.

    Continual Improvements

    • Fixed an issue in the Cisco PSIRT report that caused false positives to be returned in some instances. Other reports were unaffected. It is recommended that any Cisco PSIRT reports completed using v3.0.0 be re-run using the most up-to-date version available.

v3.0.3

  • October 02, 2023

    Titania internal development release

v3.0.4

  • October 03, 2023

    New Features

    • No new features included in this release.

    Continual Improvements

    • Resolved an issue with the default license server URL that meant some users may not have been able to activate Nipper.

v3.1.0 - Limited Beta

  • October 03, 2023

    New Features

    • PCI DSS 4.0 compliance report (BETA).

    Continual Improvements

    • Resolved an issue where the status of a remote device connection was incorrect after the device was added for a second time.

    • Resolved an issue in the NIST 800-53 report where Nipper ratings were being returned instead of the associated STIG rating.

    • Resolved missing PSIRT advisories.

    • Fixed ‘save table to’ table. Report tables can now be saved to various formats.

v3.1.1

  • October 30, 2023

    New Features

    • PCI DSS 4.0 compliance report.
      Accurately assess compliance of device configurations, with drill-down detail of the checks performed to evidence how a configuration complies with PCI DSS requirements, or a description of how it fails to comply and how to fix it.
      Report now includes change tracking, gives findings for pass & fail instead of just highlighting fails and ratings, helping users demonstrate compliance with security guidelines. Supported audits (such as full configuration reports) are now included within the PCI DSS report, making it even easier to refer to required evidential information.

    Continual Improvements

    • Fixed error with heatmap settings not adding heatmaps to reports.

    • Added CWE (Common Weakness Enumeration) references to NVD reports. Associates each NVD entry with a specific weakness identifier from the CWE list.

v3.2.0

  • December 04, 2023

    New Features

    • Added support for Fortinet devices utilizing FortiOS v7.4, allowing users to audit Fortinet devices using Nipper Security Audit and device-specific STIGs as well as NVD and PCI security frameworks.

    • Added support for Palo Alto devices utilizing PanOS v11, allowing users to audit Palo Alto devices using Nipper Security Audit and device-specific STIGs as well as NVD and PCI security frameworks.

    • Added functionality to support the new NIST NVD update schema, ensuring CVE updates can continue to be implemented in Nipper following changes by NIST.

    Continual Improvements

    • Resolved an issue where large files downloaded from the API failed to validate, ensuring updates can be successfully delivered.

v3.3.0 (Internal)

  • February 05, 2024

    New Features

    • Added support for Juniper SRX devices utilizing JunOS v22.3R1, allowing users to audit Juniper devices using the latest manufacturer-recommended version.

    Continual Improvements

    • Improvements to the PCI DSS audit and report to minimize "investigate" results for Cisco devices.

    • Resolved an issue where, when conducting a Best Practice Security audit for Juniper SRX devices, Nipper indicated the absence of configured filtering rules even when they had been set up.

    • Updated the IANA database in Nipper (v3) to ensure the latest resources are utilized.

    • Resolved an error on Firepower, whereby Nipper (v3) was crashing when importing a configuration file.

    • Resolved an error on Palo Alto, whereby Nipper (v3) would show a serious error when users added their configuration file and then attempted to go to the next screen.

v3.3.1 (Internal)

  • February 21, 2024

    Continual Improvements

    • Resolved an issue when saving to XML, where Nipper (v3) would show a parse error and the file could not be opened correctly via browser or XML.

    • Resolved an issue where Nipper would freeze or crash when users attempted to go to the next page after adding their Cisco Nexus configuration.

    • Removed CIS report option on New Report Wizard for compliance and security licenses.

v3.4.0 (Internal)

  • March 18, 2024

    New Features

    • Added support for Cisco ASA devices utilizing V9.19, allowing users to audit Cisco ASA devices using the latest manufacturer-recommended version.

    • Added support for Firepower FMC/FTD devices utilizing V7.2.4, allowing users to audit Firepower devices using the latest manufacturer-recommended version.

    Continual Improvements

    • Improved accuracy of PCI DSS reporting against Juniper SRX devices & Cisco ASA devices, providing automation of checks against a greater number of PCI DSS security requirements. This in turn reduces the need for manual investigation by the user.

    • Added in-product help guides to Nipper so customers in an air-gapped environment can access the guides when they do not have access to the internet.

    • Upgraded the Nipper (v3) software platform to Qt 6. Benefits of Qt 6 include:

      • Improved performance - faster and more responsive user experience, as well as reduced memory usage

      • Security and bug fixes - an extended EOL means that we will get more security patches from Qt, fixing potential bugs and vulnerabilities in Nipper (v3)

      • Enhanced functionality and new features

      • Improved support

    • Resolved an issue whereby Nipper was crashing when attempting to remotely connect to a device.

    • Resolved an issue where the Network Filtering section was missing from the navigation menu on the Configuration Report.

v3.4.1

  • April 22, 2024

    Continual Improvements

    • Improved functionality to allow Nipper to automatically check for updates to resources, including new versions of Nipper and STIG, PSIRT, NVD and PCI DSS resource files. When updates are available, the customer will now be notified on screen within Nipper and have the option to download and install them. This removes the need to download a new version of Nipper each time a resource file has been updated.

    • Resolved an issue whereby the exclude feature was not excluding the selected feature from the Best Practice Security, Cisco PSIRT and NIST NVD reports.