Configuring A Policy

 

When you configure a policy you do two things:

 

 

To add one or more policy checks to a policy

  1. In the upper-left pane, select the desired policy framework (Categories, NIST 800-53, PCI DSS 1.1, PCI DSS 1.2, or PCI DSS 2.0).

  2. Use the drop-down box  FilterByProductBox.gif located above the upper-right pane to specify the product whose checks you want to make available.

  3. In the upper-right pane, enable the check box of each policy check you want to add to the policy.

  4. In the bottom pane click Add Selected Checks or, in the upper-right pane, right-click a policy check and select Add Selected Checks.

The In Policy icon InPolicyIcon.gif will be displayed for each new policy check, denoting that the check is now part of the policy.

Tip: You can also double-click an individual policy check to instantly add it to a policy.

  1. To save the modified policy, select File > Save or click the Save icon ToolbarSaveIcon.gif.

To remove one or more policy checks from a policy

  1. Use the drop-down box  FilterByProductBox.gif located above the upper-right pane to specify the product whose checks you want to remove.

  2. In the upper-right pane, enable the check box of each policy check you want to remove from the policy.

  3. In the bottom pane click Remove Selected Checks or, in the upper-right pane, right-click a policy check and select Remove Selected Checks.

The In Policy icon InPolicyIcon.gif will be removed for each disabled policy check. Checks not displaying the InPolicyIcon.gif icon are not enabled within the current policy.

Tip: You can also double-click an individual policy check to instantly remove it from a policy.

  1. To save the modified policy, select File > Save or click the Save icon ToolbarSaveIcon.gif.

To configure individual policy checks within a policy

  1. In the upper-right pane, select the policy check you want to configure.

 

For example:

 

SampleSelectedComplianceCheck.gif

 

  1. In the lower pane, select the Values tab.

 

For example:

 

SampleComplianceCheckParameters.gif

 

  1. Use the available parameters to configure the policy check.

 

Quite often you will have the option to configure the same policy check multiple times. This is because the same policy check can be configured differently for different products and for different versions of the same product. The products and product versions displayed here will be the same products and product versions contained in the policy. For example, in the sample shown above, if Windows XP Professional SP2 was not part of the policy then the Windows XP Professional SP2 parameters would not be shown.

 

Tip: If you want to configure the policy checks the same for all the listed products and product versions, configure the parameters for the first listed product and then click Make all check values the same.

 

Note: Some custom checks cannot be configured the same as other policy checks and will have an Edit link rather than a Value box. For example:

 

CustomCheckEdit.gif

 

To modify a custom check value click Edit, make the desired changes and then click Save. See Overview of Custom Checks for more information.

  1. To save the modified policy, select File > Save or click the Save icon ToolbarSaveIcon.gif.