Secure Configuration Manager enables you to quickly determine how well each IT resource in your environment complies with your company security standards. To identify misconfigured assets, you can run individual security checks or combine security checks into a policy template to run against an endpoint or a group of endpoints. Security checks test endpoints for a specific configuration setting or security risk on a specific platform, such as user privileges for an Oracle database. Policy templates group multiple security checks to test for a specific set of issues, such as those defined by the PCI DSS standards.
When you use Secure Configuration Manager to assess the level of configuration compliance in your enterprise, first identify the endpoints or groups of endpoints you want to assess. Next, create or select a security check or policy template that represents the security and system configuration policies you want to enforce. The resulting reports help you prioritize a remediation plan to protect against the vulnerabilities the security checks identify. This chapter explains the purpose for security checks and policy templates, and helps you establish a schedule of policy template runs. For more information about assessing security check and policy template results, see Section 5.0, Evaluating Audit Results.
Accurately assessing your computers requires regularly updating your security knowledge. The AutoSync vulnerability content service delivers new and updated security checks and policy templates when new vulnerabilities emerge. The AutoSync feature lets you regularly download and apply this security knowledge to your policy templates to ensure protection from the latest vulnerabilities. Update your security knowledge regularly using the AutoSync feature of Secure Configuration Manager. For more information about using the AutoSync server, see Section 8.0, Maintaining Your Security Knowledge.