v3.7.0
January 27, 2025
New Features
- NIST 800-171 (rev 3) reporting
  Nipper can now generate a NIST 800-171 (rev 3) report. This new report provides a comprehensive overview of compliance status with 19 critical NIST 800-171 requirements, helping to identify gaps and prioritize security improvements across six control families to better protect sensitive information.
- CMMC 2.0 reporting
  Nipper can now generate a CMMC 2.0 report. The CMMC 2.0 report facilitates evaluating compliance with 20 essential requirements for levels 1 and 2, supporting the demonstration of adherence and the enhancement of cybersecurity practices across seven key domains, which is vital for securing government contracts.
- Introduced a “Save All Formats” saving option in Nipper (v3). This allows a user to save a report in all available formats.
- Added the ability to select which Firepower Threat Defense (FTD) devices to assess when auditing a Firepower Management Center (FMC) configuration file. This allows the user to reduce the number of license usages when auditing FMC configuration files.
Continual Improvements
- Resolved several issues within the Audit Policy settings, including:
  - an issue with “BOGON IPV4 Addresses” and “Specific Host Service Blacklist” in Audit Policy settings whereby it wasn’t clear that new entries had been added;
  - an issue where there was no option to set a value for lower case letters for passwords in Audit Policy;
  - prevented the same service from being added multiple times in Audit Policy by scrolling the user down to the entry already entered if they try to add a duplicate service.
- Resolved an issue where saving the CIS Benchmark report to CSV format omitted tables from CIS report section 1.2.2 onwards.
- Resolved an issue with the 800-53 audit, where the controls used were not mapped to device-specific STIGs. This resulted in some controls returning a lower criticality rating than a device-specific STIG. While the report is device agnostic, we now ensure that the ‘worst case’ rating is returned to customers.
- Resolved an issue where Nipper v3.6.0 crashed when auditing Cisco IOS 15.1(2)SY7, IOS XE 17.3.4 & JunOS v21.4R3.15 devices against the DISA STIG report.
- Resolved an issue with the “Prompt for device selection” setting for Firepower where, when this was not selected, all FTDs were excluded from the report. By default, all FTDs will now be included.
- Amended the display of findings in the Best Practice Security report so that they now display as a bullet list, rather than in a paragraph.
- Resolved an issue where the "Last Updated" field incorrectly displayed "NA" after a Nipper upgrade. It will now display the last updated date.
- Improvements to user guides around system wide licensing.
- Resolved an issue where Nipper would crash when attempting to save as "STIG Viewer CheckList".
- Resolved an instance of the incorrect finding 'STP Not Enabled On All Interfaces' in the Best Practice Security Report for Cisco IOS v15.2, whereby Nipper identified that Loopback0 interface did not have STP enabled when the interfaces were available in the switch.
- Resolved an instance of incorrect password findings in the Best Practice Security Report for Cisco IOS v15.2, whereby Nipper identified multiple weak password settings when the password policies were configured correctly.
- Resolved an instance of the incorrect finding 'Rules Allow Access To Administrative Services' in the Best Practice Security Report for Palo Alto v10.1.10, whereby the rule "Prod_GlobalProtect-DNS-1" was configured to allow specific traffic between defined Source and Destination, yet Nipper continued to flag the finding 'Rules Allow Access To Administrative Services' for this rule.
- Resolved multiple compiling issues with the LaTeX save function.
- Resolved an issue where Nipper crashed when trying to change the report view.
- Amended the summary section of the Nipper reports, where all lines were starting with a lower case ‘a’, so that the first letter of each bullet point is now a capital letter.
- Resolved an issue where F5 BIG IP remote connection needed the password to be entered twice.
- Resolved an issue where the "set name" column was missing in the CSV report.
- Resolved an issue where a policy was set to Deny but Nipper was showing it as Permit in the Best Practice Security report for Juniper SRX V22.3R1.11.
- Resolved an issue with the results logic where it was possible for a test to report a pass even though a sub-check had failed.
- Resolved an incorrect ‘investigate’ being returned in the PCI report (section 10.6.2) & 800-52 (AU-12(b)) for F5 Big IP device.
- Improved positioning of the Nipper logo on the installation screens.
- Amended ordering of reports in the New Report Wizard to improve user experience.
- Amended trivial text mistakes.
- Improved the attribution of filtering failures in the Best Practice Security report across the following rules, to more accurately identify the specific failing rule:
  - Rules Allow Access To Administrative Services,
  - Rules Allow Access To Clear-Text Services,
  - Rules Allow Access To Potentially Unnecessary Services,
  - Filter Rules Allow Any Protocol,
  - Filter Rules Allow Any IP (please note IP here means internet protocol, not IP address),
  - Filter Rules Allow ICMP.

  Where previously Nipper would list all the filtering rules on the device as the reason for the failure, Nipper will now narrow it down to the exact rules that were in violation of what was being checked.

  Note: This change will affect all devices, resulting in fewer issues now appearing in the Best Practice Security Report compared to the same report being run on the same device using a previous version of Nipper.