remediation object should also be provided. Details of the policy creation and deployment process are discussed here:

Remediation object creation and publishing (1a)

A remediation object that can remediate violations must be provided. The naming and creation of these objects depend on the corresponding Security Compliance Manager posture collectors and on certain naming conventions. For example, posture collectors that check for hotfixes have a different name mapping than those that check for local system settings, and the remediation objects created for these collectors must take this name mapping into account. Details on naming conventions and the creation and publishing of remediation objects are provided in 8.2.4, “Installation of the Software Package Utilities” on page 394.

Compliance policy creation (1b)

A compliance policy must be created or updated on the Security Compliance Manager server. The policy may include:

Posture collectors of appropriate types to detect violations

The collectors’ parameters, which must be configured with the values that will be checked against when making compliance decisions

Information specific to the remediation object that will remediate violations when detected as noted in step 1a

Other attributes that are used to support automated remediation

Each policy must include a policy collector, which must have its collector parameters updated for Policy_Version. The new value must be noted for entry in the ACS policy.

Be aware that only a single policy containing the policy collector can be deployed to a client. You can define multiple Security Compliance Manager policies, each with a policy collector instance, but you should never assign more than one of these policies to a group (and thus a client).
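
The two constraints above (at most one policy with a policy collector per group, and a Policy_Version that matches the value entered in the ACS policy) can be checked before deployment. The following Python check is an added example, not part of the IBM documentation or of Security Compliance Manager; the inventory format, the policy and group names, the finding codes, and the audit function are assumptions constructed for illustration.

```python
# Constructed inventory (assumed format, not a Security Compliance Manager export).
# Policy name -> Policy_Version set on its policy collector, None if it has none.
POLICIES = {
    "NAC_Corporate": "3",
    "NAC_Contractor": "2",
    "NAC_Lab_old": "1",
    "Baseline_NoCollector": None,
}
# Group name -> policies assigned to the group (and thus to its clients).
GROUP_ASSIGNMENTS = {
    "Corporate": ["NAC_Corporate"],
    "Contractors": ["NAC_Contractor", "NAC_Lab_old"],
    "Lab": ["NAC_Lab_old"],
    "Kiosk": ["Baseline_NoCollector"],
}
# Group name -> Policy_Version value noted for entry in the ACS policy.
ACS_POLICY_VERSION = {"Corporate": "3", "Contractors": "2", "Lab": "2", "Kiosk": "1"}


def audit(policies, assignments, acs_versions):
    """Return {group: [finding codes]} for every group that breaks a rule."""
    findings = {}
    for group, assigned in assignments.items():
        codes = []
        if any(name not in policies for name in assigned):
            codes.append("UNKNOWN_POLICY")
        with_collector = [n for n in assigned if policies.get(n) is not None]
        if len(with_collector) > 1:
            # More than one policy with a policy collector reaches the client.
            codes.append("MULTIPLE_POLICY_COLLECTORS")
        elif not with_collector:
            # No assigned policy carries a policy collector / Policy_Version.
            codes.append("NO_POLICY_COLLECTOR")
        elif policies[with_collector[0]] != acs_versions.get(group):
            # Policy_Version differs from the value entered in the ACS policy.
            codes.append("POLICY_VERSION_MISMATCH")
        if codes:
            findings[group] = codes
    return findings


if __name__ == "__main__":
    for group, codes in audit(POLICIES, GROUP_ASSIGNMENTS, ACS_POLICY_VERSION).items():
        print(f"{group}: {', '.join(codes)}")
```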

Policy deployment (1c)

Security Compliance Manager provides a means to deploy the policy file to the client, which requires that the client have direct access to the Security Compliance Manager server. Whenever a client is in communication with the server, the appropriate policy updates are automatically downloaded to the client. Our reference architecture keeps the Security Compliance Manager client in contact with the Security Compliance Manager server regardless of whether the client is quarantined, so quarantined clients can download required policy updates using the standard Security Compliance Manager method.

Chapter 3. Component structure 57
