Assessing the compliance and the risk posture of the system

book

Article ID: 179429

calendar_today

Updated On:

Products

Control Compliance Suite Windows

Issue/Introduction

 

Resolution

Assessing the compliance and the risk posture of the system

The assessment of the compliance and the risk posture of the system begins when you import all the known assets into the system. Symantec Control Compliance Suite lets you proactively assess the assets against a set of standards. The assessment is done based on the data that is collected from the data collection components of the Symantec Control Compliance Suite. This comparison of the computer settings to predefined Standards is called an evaluation.

Before you begin the evaluation of the imported assets against the Standards, it is recommended that you review the basic concepts in Standards.

Table: Compliance and risk posture assessment

Task

Description

Understand and identify the predefined standard for assessment

Go to Manage > Standards .

Consider the following to understand the predefined standards:

  • Browse through the predefined standards in the tree pane under the Standards node.

  • Identify the predefined standard that you want to use for assessment of the imported assets.

Collecting data for evaluation

Go to Manage > Assets > Asset System > Global Tasks.

Consider the following when you collect the data for evaluation:

  • Select the asset type or the asset group for which you want to collect the data for evaluation and select Setup Data Collection.

    See Setting up a data collection job.

Evaluating the assets against the standards

Go to Manage > Assets > Asset System > Global Tasks.

Consider the following to evaluate the assets against the standards:

  • Create an evaluation job to evaluate the assets for which the data is collected.

    The information that you specify during the evaluation process is saved in the evaluation job. Hence, an evaluation job lets you perform the evaluation process repeatedly without having to specify the evaluation criteria again. Evaluation jobs can be scheduled to run at predefined intervals.

    See Running an evaluation job.

Viewing the evaluation results

Go to Manage > Assets > Asset System.

Consider the following to view the evaluation results:

  • View the details of the assets that are evaluated against a standard in the Details pane.

    The details pane presents the following information about the evaluation:

    • Standard against which the evaluation job was run

    • Evaluation date

    • Checks evaluated

    • Checks not evaluated

    • Compliance score

    • Risk score

See Running an evaluation job.

See Viewing the evaluation results in the details pane.

Generate reports based on evaluation

Go to Reporting > Report Templates

Consider the following while generating the compliance reports

  • Generate reports that provide a summary of the compliance of assets against the required standards.


Simplifying the remediation process