What's new in Windows checklist

HCL BigFix Compliance Windows and the Web Browser checklist provide additional support and enhancements in the recent update.

Several checks have been improved by adding a pending restart feature. This feature operates as follows:
  • For checks that require an OS reboot, the action results will now display "Pending Restart" instead of "Fixed."
    Figure 1. Pending start

    Pending start
  • The check will remain relevant for those endpoints until they are rebooted.
  • After the endpoint is rebooted, the action results will display as “Fixed,” and the check will be marked as compliant.

For a detailed list of releases, see the Windows and Web Browser Checklist Release Notes.

Universal Checklist

The Universal Checklist for Windows Server is a single, unified checklist designed to simplify compliance management for all supported Windows Server versions (2016, 2019, 2022, and 2025). This beta release integrates all security checks from the CIS and DISA benchmarks, allowing you to apply consistent security configurations across your entire server environment with one action.

What's Changing
  • A Single Checklist Model: You will now manage and deploy one checklist for the entire Windows Server platform, rather than one for each OS version and benchmark.
What Stays the Same
  • Custom Checklist Creation: Your workflow for creating custom checklists is not changing. You can still use the Create Custom Checklist wizard with the content from this new Universal Checklist.
  • Parameterization: The ability to parameterize checks, where applicable, remains unchanged from the existing process.
  • Checklist-Level Reporting: For this beta phase, you will find the compliance score for the Universal Checklist in the same location as your other checklists: SCA > Reports > Checklists section. Or you can access the same data by running the existing compliance reports in Web Reports (https://<bigfix_server_name>:8083/webreports).
    Important: It is important to note that this report shows the overall compliance for the general-purpose Universal Checklist itself and is not a substitute for a benchmark-specific (e.g., CIS or DISA) report.
  • Availability of Individual CIS/DISA Checklists: This Universal Checklist is for general purpose use. To generate specific CIS or DISA compliance reports, you must continue to use the individual CIS and DISA checklists, which will still be delivered through the existing method.