The status of a posture element can be one of the following:

PASS

The data collection was successful, and the security posture of the selected item matches the required value.

FAIL

The data collection was successful, but the detected value indicates that the client is noncompliant and remediation must be performed.

ERROR

The data collection failed or an internal error occurred.

WARN

The data collection was successful, but the detected value indicates that the client is not optimally compliant and remediation is recommended.

When the posture collector sends data to the Tivoli Security Compliance Manager server, the contents of the posture item are stored in the posture status table associated with the posture collector in the database.

Posture collector parameters

Posture collector parameters are generally required and indicate what data values should be checked, and what remediation should occur if a noncompliance is found. Parameters are of one of two types:

Operational

Operational parameters are used to make a determination regarding a client system’s security posture. For example, an operational parameter might indicate the required software version, or the required frequency of virus scans, or the maximum password age. If an operational parameter is not specified, the posture collector does not check the security posture represented by that parameter and indicates a warning in the corresponding posture element.

Workflow

Workflow parameters are used for remediation purposes, and their names generally end with a _WF suffix. If a specific security posture check fails, the information provided by the workflow parameter is used to remedy the problem identified.
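The following added example (not code from the manual or from Tivoli Security Compliance Manager) models how the four statuses and the two parameter types described above interact. The parameter names, the evaluate() and violations() helpers, and the sample values are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class PostureElement:
    name: str
    status: str                     # PASS, FAIL, ERROR or WARN
    workflow: Optional[str] = None  # remediation info from the *_WF parameter

def evaluate(name, params, collect: Callable, compliant: Callable):
    """Map one posture check onto the four statuses defined above."""
    if name not in params:
        # Operational parameter not specified: check is skipped, element warns.
        return PostureElement(name, "WARN")
    try:
        detected = collect()
    except Exception:
        # Data collection failed or an internal error occurred.
        return PostureElement(name, "ERROR")
    if compliant(detected, params[name]):
        return PostureElement(name, "PASS")
    # Noncompliant: attach the workflow parameter so remediation can follow.
    return PostureElement(name, "FAIL", params.get(name + "_WF"))

def violations(elements):
    """Elements a policy decision would report along with their workflow."""
    return [e for e in elements if e.status == "FAIL"]

def unreadable():
    raise OSError("constructed collection failure")

def run_sample():
    params = {  # constructed parameter set; names are hypothetical
        "MAX_PASSWORD_AGE": 90,
        "MAX_PASSWORD_AGE_WF": "reset-password",
        "MIN_AV_VERSION": (8, 0),
        "FIREWALL_ENABLED": True,
    }
    checks = [  # (parameter name, collector, compliance test)
        ("MAX_PASSWORD_AGE", lambda: 120, lambda got, req: got <= req),
        ("MIN_AV_VERSION", lambda: (8, 5), lambda got, req: got >= req),
        ("SCAN_INTERVAL_DAYS", lambda: 3, lambda got, req: got <= req),
        ("FIREWALL_ENABLED", unreadable, lambda got, req: got == req),
    ]
    return [evaluate(n, params, c, ok) for n, c, ok in checks]

if __name__ == "__main__":
    for element in run_sample():
        print(element)
```

Note that SCAN_INTERVAL_DAYS yields WARN rather than FAIL only because its operational parameter is absent, so a missing parameter silently downgrades a check instead of enforcing it.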

6.2.2 Policy collector

The com.ibm.scm.nac.posture.PolicyCollector.jar collector (or policy collector, for short) running on the client uses the information that is collected by the posture collectors to make a security posture policy decision without contacting the Tivoli Security Compliance Manager server. If a posture element returned by a posture collector indicates a violation, the policy collector can communicate that information, along with any associated remediation workflow information, to the

154Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
