Integrating Secure Configuration Manager with UCF for Governance, Risk Management, and Compliance

The NetIQ GRC Manager tool integrates Secure Configuration Manager and the Unified Compliance Framework (UCF) to provide audit and configuration assessment of endpoints to Governance, Risk, and Compliance (GRC) vendors. GRC vendors depend on scanning tools such as NetIQ Secure Configuration Manager to receive configuration information and assessment details on various supported endpoints. GRC and NetIQ Secure Configuration Manager are integrated by using a common repository of information that UCF maintains. This repository enables the required standard of communication between GRC vendors and the Secure Configuration Manager database. The NetIQ GRC Manager tool initializes the Secure Configuration Manager database with UCF feeds for processing GRC requests.

1.0 Understanding the GRC Manager Tool

The GRC Manager tool uses the UCFi standard to support extended security. The tool provides mapping information to the Secure Configuration Manager database, which makes the database usable for processing GRC requests. You can download this tool from <download link> and follow the on-screen instructions to install it. The GRC Manager tool requires the following components:

  • UCF

  • Secure Configuration Manager

  • UCFi standard

  • GRC

1.1 Understanding UCF

The Unified Compliance Framework is the only industry-vetted compliance database that reduces the regulatory maze to a smaller set of harmonized controls. UCF provides a single point of management over hundreds of complex IT compliance requirements from around the world.

For more information, see www.unifiedcompliance.com.

1.2 Understanding Secure Configuration Manager

Secure Configuration Manager deploys agents to collect information, stores the information in a central database, and displays reports in the Secure Configuration Manager console. Secure Configuration Manager Core Services manages communication among components such as the Agent, database, Console, and Core.

For more information, see the NetIQ Secure Configuration Manager product page.

1.3 Understanding UCFi standard

The UCFi standard is an evolving protocol introduced by UCF so that disparate software or organizations can integrate with each other to provide UCF-based audit and configuration assessment.

1.4 Understanding Governance, Risk Management and Compliance

Governance, risk management, and compliance (GRC) is an umbrella term for an organization's approach to applying rules and regulations for corporate governance, enterprise risk management (ERM), and corporate compliance.

2.0 Working with GRC Manager Tool

You can use the GRC Manager tool for the following operations:

  • Import UCF feeds to the Secure Configuration Manager database.

  • Initialize the Secure Configuration Manager database to process GRC requests.

To import UCF feeds or to initialize the SCM with UCF mapping information:

NOTE: You must first update the database information and the UCF feeds location to run the GRC Manager tool.

  1. In the tool, click Configurations > Settings Management.

  2. In the Database Configuration page, specify the database name and its instance.

  3. (Conditional) If you are using Windows authentication, select Use Windows authentication.

  4. (Conditional) If you are using SQL authentication, specify the user name and password.

  5. Click UCF Configuration.

  6. In the UCF Configuration page, specify the location of the UCF feed and select the UCF mapping platform.

    Click Apply.

  7. On the main screen, select the Parse and Import operation and then click Start.

  8. (Optional) If you want to initialize the Secure Configuration Manager database to save the mapping information in the database, select the Initialize SCM with UCF operation and then click Start.