Assessment reports contain results for a single policy template or security check run. The Overview provides a high-level view of how the selected assets comply with the technical standards and organizational policies represented by the policy template.
NOTE: If an assessment results in an error for an endpoint, the Web console displays a compliance or risk score of -1 for the endpoint / security check combination that caused the error. The error might indicate that the endpoint needs to be re-registered, the security check failed to function appropriately, or the agent lost communication with the endpoint or Core Services.
Depending on the type of policy template run, you might see the following data in the report:
Displays the overall compliance of the endpoints based on the data collected for the policy template.
A compliant asset meets your organization’s policies for assessment, operation, and control of systems and resources according to security standards, best practices, and regulatory requirements.
Each policy template has a specific range of compliance risk scores that Secure Configuration Manager uses as a baseline when calculating endpoint results. If an endpoint is compliant, then its risk score is lower than the out-of-compliance risk score range. An unknown compliance indicates incomplete data for the endpoint. Data might not be available because the some security checks do not apply to an endpoint, Secure Configuration Manager was unable to connect to the agent, or an endpoint returned errors.
Summarizes the risk or vulnerability state of the endpoints and groups associated with the report.
The report displays risk-based results when the policy template tests endpoints for a specific configuration setting or security risk on a specific platform, such as user privileges for an Oracle database.
Risk scores measure endpoint vulnerability and help you identify which endpoints have the most serious exposures based on two factors: threats discovered and endpoint importance. An endpoint’s importance represents the criticality level of that endpoint in your organization. For example, a database endpoint containing customer financial data might have a higher importance level than a database of customer references.
Lists the endpoints that most likely post a threat to your environment.
Lists the security checks that endpoints failed, which might pose a security issue.
Provides a map-based view of endpoints with the highest risk results.