The NetIQ GRC Manager tool integrates Secure Configuration Manager and Unified Compliance Framework (UCF) to provide audit and configuration assessment of the endpoints to the Governance, Risk and Compliance vendors. GRC vendors depend on scanning tools such as NetIQ Secure Configuration Manager to receive configuration information and assessment details on various supported endpoints. GRC and NetIQ Secure Configuration Manager are integrated by using a common repository of information that UCF maintains. This repository of information enables the required standard of communication between GRC vendors and the Secure Configuration Manager database. The NetIQ GRC Manager tool initializes the Secure Configuration Manager database with UCF feeds for processing GRC requests.
The GRC Manager Tool uses UCFi standard to support extended security. This tool provides the mapping information to the Secure Configuration Manager database that makes the database useful for processing GRC requests. You can download this tool from <download link> and follow the on-screen instructions to install it. Following are the components that are required for GRC Manager tool:
Secure Configuration Manager
The Unified Compliance Framework is the only industry-vetted compliance database that reduces the regulatory maze to a smaller set of harmonized controls. UCF provides a single point of management over hundreds of complex IT compliance requirements from around the world.
For more information, see www.unifiedcompliance.com.
Secure Configuration Manager deploys agents to collect information, stores information in a central database, and displays reports in the Secure Configuration Manager console. Secure Configuration Manager Core Services manages communication among the components such as Agent, database, Console and Core.
For more information, see the NetIQ Secure Configuration Manager product page.
UCFi standard is an evolving protocol that is introduced by UCF, so that disparate software or organizations can integrate with each other to provide UCF based audit and configuration assessment.
Governance, risk management, and compliance (GRC) is an umbrella term that includes an organization's approach to apply rules and regulations for corporate governance, enterprise risk management (ERM) and corporate compliance.
You can use the GRC Manager tool for the following operations:
Import UCF feeds to the Secure Configuration Manager database.
Initialize Secure Configuration Manager database to process the GRC requests.
To import UCF feeds or to initialize the SCM with UCF mapping information:
NOTE:You must first update the database information and the UCF Feeds location to run the GRC Manager tool.
In the tool, click Configurations > Settings Management.
In the Database Configuration page, specify the database name and its instance.
(Conditional) If you are using Windows authentication, select Use Windows authentication.
(Conditional) If you are using SQL Authentication, specify user name and password.
Click UCF Configuration.
In the UCF Configuration page, specify the location of the UCF feed and select UCF mapping platform.
On the main screen, select Parse and Import operation and then click Start.
(Optional) If you want to initialize the Secure Configuration Manager database to save the mapping information in the database, select Initialize SCM with UCF operation and then click Start.