Create Compliance Policy
Overview
A Compliance Policy defines how a specific Benchmark should be assessed against a particular set of devices. While a benchmark is inherently associated with a single technology, Compliance Policy allows the flexibility in how they apply these benchmarks to their specific devices. The relationship between a Benchmark and an Compliance Policy is typically one-to-one. A single Compliance Policy will be associated with a single benchmark.
However, a key aspect of this relationship is that while a Benchmark targets a specific technology, the Compliance policy itself can be applied to multiple categories of devices within that technology. This allows for flexibility in how you apply security assessments across your environment.
Navigation
Go to Menu. Select Settings After that, Go to Compliance and select Compliance Policy. The Compliance Rules screen is displayed.
Compliance Policy Screen
All the default Compliance Policies will be visible on this page. Users can view policy name, description, creation time, used count, Tag information, execution schedule, and perform Actions on it.
Below are the options visible on the Compliance screen:
| Field | Description |
|---|---|
| Policy Name | Name of the Policy. |
| Description | Description for the policy. |
| Created Time | Displays the creation time of the Policy. |
| Used Count | Displays the total number of time the Policy have been used. |
| Tag | Displays all the associated Tags with the Policy. |
| Schedule | Displays the exection schedule of the Policy. |
| Actions | Actions that can be performed on Policy: - Edit: Edit the Policy to change its properties. - Schedule: Set a schedule for Policy execution. - Assign Monitor: Assign an additional Monitor to the Policy. - Remove Assigned Monitor: Remove a Monitor already assigned to the Policy. - Delete: Delete the Policy. |
To create a policy, click on the Create Complaince Policy.
Create Compliance Policy
User can attach a Benchmark to a Compliance Policy and run the assessments on their network infrastructure.
Below are the options available on the Create Complaince Policy screen:
| Field | Description |
|---|---|
| Policy Name | Enter the name of the Policy. |
| Description | Enter a description for the policy. |
| Tag | Provide a Tag to associate with the Policy. |
| Config File Type | Select the type of Config File to execute the policy. |
| Benchmark Filter by Tags | Use the dropdown to select Benchmark listed by their Tags. |
| Benchmark | Select the Benchmark to assign using the dropdown. |
| Device Filter | Select the category of devices using the dropdown. |
| Select Device | The list will populate according to the option selected in Device Filter field. Select devices using checkboxes to run the policy assessment. |
| Generate Report | Generate a in-depth report of the assessment results. |
| Notify Team | Enter the E-mail address or contact number of the registered user to notify them of the assessment. |
Select Create Compliance Policy to apply the changes and create policy.
Select Reset to clear all fields and start afresh.