5.0 Evaluating Audit Results

Secure Configuration Manager enables you to manage the risks inherent in an IT landscape. First, you must identify and run the security checks and policy templates representing the security and system configuration policies you want to enforce. For more information about running security checks and policy templates, see Section 4.0, Auditing Your IT Assets. Next, use the reported results to evaluate asset compliance and establish a prioritized remediation plan to protect against the discovered vulnerabilities. Secure Configuration Manager provides a set of evaluation tools to help you determine how well each IT asset in your environment complies with your policies and to streamline the evaluation and remediation process.

Delta Reports

Provides console users a method for determining which settings on an unknown or noncompliant endpoint vary from a known, secure endpoint so IT managers can more efficiently remediate the issues. Console users can also evaluate changes to an endpoint’s results between policy template runs.

Asset Compliance View

Provides console users a starting point in the Secure Configuration Manager console for identifying which IT assets are out of compliance with the enterprise’s security standards, and whether the vulnerability of those systems poses a high, medium, or low risk.

Secure Configuration Manager Dashboard

Provides a Web-based interface for executives and managers to view the overall compliance of their IT assets and to perform a more granular assessment of specific groups and computers.

Security Checkup Results Viewer

Allows managers and console users to remotely audit enterprise security by reviewing which assets are in compliance, out of compliance, or have an unknown compliance for each policy template.

With each of these tools, you can browse endpoint data to see exactly which checks in the policy template failed and learn how to remediate the issue. You can also configure Secure Configuration Manager to automatically notify you when an asset falls out of compliance. Receiving notifications can help you expedite the remediation process. If your company uses a change management ticketing system to manage remediation efforts, you can configure Secure Configuration Manager to send an email to your change management system when an asset falls out of compliance.