18.Click Add Rule to get to the screen shown in Figure 7-40.

Figure 7-40 Condition set creation for TSCM

19.Click Add Condition Set. From the Attribute drop-down menu, select IBMCorporation:SCM:PolicyVersion. From the Operator menu select Contains, and for the Value enter the value of the security policy being used on the Security Compliance Manager server. In this example, the policy version is IISSCN_EBU_v2.20_winXP. Click Enter.

Note: This is to enforce the version of the TSCM policy being used. There is only an exact match option available. This means that all clients will be running the same policy version. It is critical when setting this check that you get the policy version name and syntax correct or the checks will fail. We also discovered that if you set the operator value to an equals sign (=), the check will fail even though the end user is running the correct version of the policy.

258Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

Page 276
Image 276
IBM Tivoli and Cisco manual Click Add Rule to get to the screen shown in Figure