Go to PC > Policies > New > Policy. Then choose one of these options: 1) start with an empty policy and build it from scratch, 2) create a policy based on scan data from an existing host, 3) import a policy from our Library or 4) import a policy from an XML file. We'll walk you through the steps.
By default your new policy will be active, which means it is available for scanning and reporting from the time it is created. To create an inactive policy, simply clear the "Activate this policy" check box and the new policy will be saved as inactive. It’s easy to activate it at a later time.
We always evaluate policies when new scan results are processed for the hosts in your policy. You can also start policy evaluation when saving changes to a policy (just click Evaluate now before hitting Save) or anytime from the policies list (choose the Evaluate action). You'll see the date/time of the last policy evaluation in the preview pane of the policies list.
Yes, by exporting a compliance policy to XML or CSV, you can easily share the policy with other users. Users can import policies that are in XML format into their subscription. Learn more
Our library includes locked policies for testing compliance against specific CIS benchmarks. These policies have been reviewed and certified by CIS (the Center for Internet Security). When a policy is locked, you can add hosts to the policy but you can't make any other edits. (Tip - During the import you'll have the option to import the locked policy as unlocked. This lets you remove the editing restrictions.)
This prevents others from editing it. Policies locked by a user can be easily identified by this icon Learn More
- Locked policies cannot be edited, however they are still available for reporting. Policies must be unlocked to enable editing.
- Only Managers and Unit Managers have permission to lock a policy.
- Mangers can unlock any policy, but Unit Managers can unlock only the polices locked by them.
- Policies that are locked while importing and SCAP policies cannot be locked or unlocked.
Tell me the steps. Go to your policies list and choose the action you want to take from the Quick Actions menu - Lock or Unlock. Use the Actions menu to take action on multiple policies in one go. Tip - You can also do this from within the Policy Editor.
You can easily identify the policy status by the following icons: means Active Policy and means Inactive Policy.
Go to PC > Policies and identify the policy you want to deactivate. Then choose Deactivate from the Quick Actions menu. Tip - You can also deactivate the policy from within the Policy Editor.
Posture evaluation will not take place for the policy. The policy will be hidden from your dashboard, reports and exceptions. The policy will be removed from compliance scorecard reports and from option profiles (with the Scan by Policy option enabled). Any policy report schedules for the policy will also be deactivated.
Go to PC > Policies and identify the policy you want to activate. Then choose Activate from the Quick Actions menu. Tip - You can also activate the policy from within the Policy Editor. By default, any new policy is marked active.
Posture evaluation will resume and the policy will be available again for scanning and reporting. You’ll need to manually re-activate the report schedules however the policy will be pre-selected for you. You need to also add the policy back to your scorecard reports and option profiles, manually.