After you install the module components, Secure Configuration Manager automatically recognizes which NetIQ UNIX and Windows security agents are enabled for SCAP queries, and then sets a flag in the asset map for these agents and their corresponding endpoints.
The SCAP Module also adds an SCAP Templates option to the Security Knowledge > Policy Templates node in the console. The SCAP Templates option contains all SCAP policy templates you convert and import. To import content from the NIST site, you must convert the files from XCCDF format to .tpl format using the XCCDF Conversion Utility. For more information about converting and importing content, see Assessing NetIQ-Monitored Computers.
You can run the SCAP policy templates from the Secure Configuration Manager console to gather data on endpoints monitored by NetIQ UNIX and Windows security agents. However, some endpoint computers might be offline, either because they are mobile workstations or they reside behind a high-security firewall. You can copy the SCAP files in their original XCCDF format to a read/write medium to assess systems not currently monitored by a NetIQ security agent. For more information about assessing offline systems with the SCAP benchmarks, see Assessing Offline Computers. After running offline assessments, you can import the results into the Secure Configuration Manager database.
When you complete a set of assessments, Secure Configuration Manager and the SCAP Module provide two methods for generating compliance reports. You can create and run a scheduled job in the console that automatically compiles and exports results in a format supported by the CyberScope data feeds. Alternatively, you can use the FDCC Reporting Utility to convert report results to .csv format for submitting reports in Microsoft Excel. For more information about reporting assessment results, see Creating a Compliance Report.
The SCAP Module enables you to assess the subset of endpoint types available in Secure Configuration Manager. For information about supported endpoint types and versions, see the Secure Configuration Manager Technical Information page.