At some point, corporate security policies should be mapped into documents that define the recommended configurations for an array of technologies. These documents are often called Technical Standards. In Secure Configuration Manager, policy templates let you define secure configuration standards for your IT assets. You can use these policy templates to express corporate technical standards and current industry standards. Policy templates include many security checks or queries that you use to audit a series of IT controls on a variety of platforms. These audits generate:
A list of security checks that identify non-compliant systems.
A list of policy violations per security check. Violations are results returned by the security check that vary from the expected value and indicate a potential vulnerability. The expected value specifies the results you expect a security check to return.
An aggregate score reflecting the state of compliance.
A color code that indicates vulnerability based on risk score ranges.
NOTE:Security checks test for potential vulnerability. To help you determine which security checks to use, each check provides an explanation, the potential risks you face in not running the check, and remedies you can perform to reduce vulnerabilities.
Secure Configuration Manager lets you perform security audits by running security checks and policy templates. When you run a policy template, the resulting report contains a set of security checks, actual values for those checks, and scores. This capability provides a clear view of the current exposures in your enterprise. You can immediately use the default NetIQ policy templates to check the status of your systems against industry regulations and best practices. For more information about policy templates, see Section 4.2, Understanding Policy Templates. For more information about security checks, see Section 4.1, Understanding Security Checks.