SecurityExpressions Server User Guide
Description | Optional statement about the policy. | |
Policy File | Name of the policy file (.sif), from the policy file library or | |
| a customized policy file. | |
Last Updated | Date and time the policy file was last saved to the | |
| database. | |
Configure | Some policy files, such as the NSA Guidelines for Windows | |
| XP and Windows 2000, contain a special rule named | |
| .CONFIGURE. The .CONFIGURE rule allows you to | |
| configure your policy files and set global parameters for | |
| policy files at run time. This column shows whether or not | |
| the policy file contains the .CONFIGURE rule. | |
| Certain information is unique and distinct between | |
| systems or groups of systems. A | |
| allows administrators to use a single policy file but allows | |
| identification of unique rules that require variable | |
| information. | |
Windows Group Use Access | Specify the Windows User Groups who can use this policy, | |
| if you want to restrict access to this policy. Displays | |
| "Everyone" if the policy isn't restricted. | |
Windows Group Remediation | Specify the Windows User Groups who can remediate | |
Access | audit results generated using this policy, if you want to | |
| restrict access to remediation through this policy. Displays | |
| "Everyone" if remediation through this policy isn't | |
| restricted. | |
Windows Group Results Access | Specify the Windows User Groups who can access results | |
| from audits that used this policy, if you want to restrict | |
| access to this policy's audit results. Displays "Everyone" if | |
| the policy's audit results aren't restricted. | |
Use on Link Type | Specify whether to run this policy over fast or slow | |
connections, or both kinds. Some policies might not be | ||
| appropriate to run over slow connections if they request a | |
| large amount of data. For example, applying large policy | |
| files like MS Fixes over a slow network connection, such | |
| as a 56K modem, can take a long time. | |
Device Types | Audit with this policy on these device types. Choices | |
include Windows, UNIX, and Unknown. | ||
Posture Condition (Fail If) | The rules for determining if the resulting posture after | |
auditing with this policy is Pass or Fail. The posture is | ||
| based on all | |
| impact and priority settings. Available posture conditions | |
| are: | Always Pass |
| • | |
| • | Any Fail |
| • | Any Not OK |
| • Any Not OK with Priority | |
| • Any Not OK with Score | |
| • Any Not OK with Impact | |
| • Any Not OK with Key | |
Cache Pass For | Specify how long posture results remain valid when the | |
system passes an audit based on this policy. This is a way | ||
| to control how often a system gets audited — as long as a | |
56
