Skip to content
  • There are no suggestions because the search field is empty.

v3.0.0

October 03, 2023

About Nipper v3.0.0

Version 3.0.0 of Nipper is the latest major release of Nipper from Titania. Not only does the software include numerous new features, but the underlying architecture of Nipper has also been enhanced along with the infrastructure used to complete audits. These changes collectively mean that Nipper is now even more powerful than ever.


Updates

The following features have been enhanced in this release:

  • Security Audit: Now known as the Best Practice Security Audit. Checks used to assess the configuration of devices return descriptions of what was checked as well as findings that describe what Nipper has identified, in the resulting report, allowing users to clearly understand what is being checked for, the outcome and how this affects their security posture.
  • Vulnerability Audit: A risk prioritized, exception zero-trust policy enforcement report enhances the NIST NVD Report available in Nipper v2.x.x by now including change tracking, findings for pass & fail instead of just highlighting fails and any associated ratings.
  • Raw Configuration Report: Now includes change tracking helping developers and teams maintain an audit trail of all changes to configuration settings. Change tracking helps in demonstrating compliance with regulations and provides transparency into who made what changes and when.
  • Appendix: Previously available as a separate report, this has now been integrated to Nipper v3.0.0 common report settings.
  • Settings: Further settings have been added to Nipper v3.0.0 allowing users to configure Nipper more precisely to their individual requirements.
  • Audit Scopes: Nipper v2.x.x allowed specific IP scoping only. Nipper v3.0.0 has been enhanced to allow users to specify which IP addresses to include/exclude, which audit reports should be scoped and whether to include/exclude report sections ensuring greater configurability.
  • Cisco PSIRT Audit: As in Nipper v2.x.x, users can evaluate and analyze Cisco products and networks for potential security weaknesses. Vulnerabilities are now rated against CVSS v3.5 by default but can also now be rated using all other versions of CVSS scoring (v1,2 and 3).
  • DISA STIG Compliance Audit: The STIG audit in Nipper v3.0.0 is now a risk prioritized, evidentiary pass and fail compliance assessment report, meaning users can now not only provide evidence of compliance but also identify areas of vulnerability and prioritize work required to improve their overall security posture. Additionally, STIG coverage has been greatly increased to include more device specific STIGs ensuring the environment audited with the most appropriate guidelines. Nipper v3.0.0 automatically selects the appropriate STIG benchmarks configured for a device with further generic benchmarks available to support where device-specific ones are not available.
  • NIST 800-53 Audit: Assess compliance with security requirements recommended in NIST special publication 800-53. Controls are assessed against DISA STIGs and mapped using common correlation indicators with pass/fail findings included in the report along with ratings. Report now includes change tracking, gives findings for pass & fail instead of just highlighting fails and ratings, helping users demonstrate compliance with security guidelines.

    New Features

    The following new features appear in this release:

    • Save Report As: Users are now able to export Nipper v3.0.0 reports in a wider range of recognized formats ensuring data can be more easily manipulated to meet individual requirements.
    • Ratings: Nipper v3.0.0 now supports the latest versions of Nipper, CVSS (v3.1, v3, v2 and v1), STIG and Cisco SIR rating systems which can now be viewed in a variety of forms to help better visualize the significance of the findings. Users can also manually set the order preference of the ratings systems used in reports that support multiple rating systems.
    • Report Browser: Nipper v3.0.0 has a new Report Browser, enabling users to quickly and easily navigate audit reports using large reports scroll bar and expandable / clickable sub-headings. Compliance results can be modified, user notes can be added, and findings can be excluded. Notes, exclusions, and modified results can be remembered and applied each time the same device, type of device or all devices are audited in the future.
    • Improved System Architecture: Updated, modular system architecture improves Nipper’s performance as well as providing a stable platform to add new devices, reports and other features. Updates to resources such as STIGs, NVDs, NIST and other compliance guidelines will be available independently of software releases.
    • Improved GUI: General usability improvements to the GUI including tabbed navigation, progress indication showing a percentage for how close a user is to the report to start running and more have been implemented improving the overall experience so users can run audits and create reports to get the information they need more quickly and easily.