2.2 Installing the SCAP Module Components

The following table provides an overview of tasks to install the SCAP module components and configure support for the module.

 

Steps

For More Information

Install the SCAP module on the Secure Configuration Manager Core Services computer, as specified in the release notes.

Section 2.1, Planning to Install the SCAP Module Components.

Install the Windows agent components on the endpoints that you want to assess.

Install the XCCDF Conversion Utility on each console computer.

Section 2.2.4, Installing the XCCDF Conversion Utility.

Install the FDCC Reporting Utility on each console computer.

Section 2.2.5, Installing the FDCC Reporting Utility.

2.2.1 Installing the SCAP Module on Secure Configuration Manager Computers

Install the SCAP module on the Secure Configuration Manager Core Services computer.

NOTE:

  • When you install the module on the Core Services computer, the installation program automatically connects to and updates the Secure Configuration Manager database.

  • If you have installed the Secure Configuration Manager database and Core Services on different computers, your logon account must be a local administrator account on the Core Services computer and a member of either the local Administrator group or the SQL Server user role on the database computer.

To install this module on Secure Configuration Manager computers:

  1. Log on to the Core Services computer with a local administrator account.

  2. Run the NetIQSCAPModuleForSecureConfigurationManager setup program locally from the root folder of the NetIQ Secure Configuration Manager Module for SCAP installation kit.

  3. Follow the instructions in the wizard until you have finished installing the module.

  4. Restart NetIQ Core Services to import SCAP templates successfully to Secure Configuration Manager console.

2.2.2 Deploying the SCAP Module to a Remote Agent Computer

Remotely deploy the SCAP module component to an agent computer by completing the following steps. If you want to install the SCAP module manually, see Section 2.2.3, Locally Installing the SCAP Module on an Agent Computer. You can install the agent component of the SCAP module only on computers that have a Windows agent installed.

Deploying to a Remote Windows Agent Computer

You can use the Secure Configuration Manager console to deploy the SCAP module to a registered Windows agent. Before you deploy the Windows agent component for the SCAP module, you must update the Windows agent component on the Core Services computer and copy the .nap file to a special folder. For more information about deployment, see the NetIQ Secure Configuration Manager Windows Agent Installation and Configuration Guide.

To deploy the SCAP module to a Windows agent:

  1. Log on to the Core Services computer with a local administrator account.

  2. In the SCAP module installation kit, open the folder containing the Windows agent component.

  3. Copy the SCAP module .nap file to the SyncStore folder on the Core Services computer, by default %Program Files (x86)%\NetIQ\Secure Configuration Manager\Core Services\SyncStore. For example, copy the SCAP_2.3_for_Windows_Agents.nap file.

  4. Log on to the console with an account that has rights to deploy Windows agents.

  5. Expand IT Assets > Agents > OS > Windows.

  6. Right-click the agents that you want to update, and then click Deploy or Update.

  7. Complete the steps in the Deployment wizard. When specifying the deployment package, select the SCAP module package. For example, select NetIQ SCAP Module 2.3 for Windows Agent.

    NOTE:If the Packages window of the Deployment wizard does not list the SCAP module package, you can browse to the SyncStore folder to add the .nap file.

2.2.3 Locally Installing the SCAP Module on an Agent Computer

Directly install the SCAP module on the local agent computer by completing the following steps. If you want to install the SCAP module remotely from Secure Configuration Manager, see Section 2.2.2, Deploying the SCAP Module to a Remote Agent Computer. You can install the SCAP module only on computers that have either the NetIQ Security Agent for Windows installed.

Locally Installing on a Windows Agent Computer

You can install the SCAP module on a local Security Agent for Windows computer.

To locally install the SCAP module on a Windows agent computer:

  1. Log on to the local agent computer with a local administrator account.

  2. Run the NetIQSCAPModuleForWindowsAgents.msi program from the Windows agent folder of the NetIQ Secure Configuration Manager Module for SCAP installation kit.

  3. Follow the instructions in the wizard until you have finished installing the module.

2.2.4 Installing the XCCDF Conversion Utility

To import properly formatted XCCDF content into Secure Configuration Manager, you must use the XCCDF Conversion Utility to convert the XCCDF content into SCAP policy templates that use the .tpl format. For more information about SCAP policy templates, see Section 3.1, Assessing NetIQ-Monitored Computers.

To install the XCCDF Conversion Utility:

  1. Log on to the Secure Configuration Manager console computer with a local administrator account.

  2. Run the Setup_XCCDF_Conversion_Utility_1.1.4.exe file from the Utilities folder of the NetIQ Secure Configuration Manager Module for SCAP installation kit.

  3. Follow the instructions in the wizard until you have finished installing the XCCDF Conversion Utility.

2.2.5 Installing the FDCC Reporting Utility

To create an FDCC compliance report, you must use the FDCC Reporting Utility to convert the exported policy template report from XCCDF format to a .csv file. For more information about FDCC compliance reports, see Section 3.3, Creating a Compliance Report.

To install the FDCC Reporting Utility:

  1. Log on to the Secure Configuration Manager console computer with a local administrator account.

  2. Run the Setup_FDCC_Reporting_Utility.exe file from the Utilities folder of the NetIQ Secure Configuration Manager Module for SCAP installation kit.

  3. Follow the instructions in the wizard until you have finished installing the FDCC Reporting Utility.