This is basically the control name - it's how you'll identify the control in policies, reports and on the controls list.
Select the category (and sub-category) this control belongs to. Keep in mind that you (and other users) will be able to search for this control by its category.
You'll see the criticality in policies and reports whenever control details appear. You can change the criticality level at any time, and overwrite it at the policy level.
This is a place where you can enter notes about the control.
Enter a rationale statement describing how the control should be implemented for each technology.
Entering default values is a time saver. We'll copy your default values to each technology that you select in the Technologies list below so you don't have to.
When errors occur during control evaluation the status for the control instance is Error. Select this option to mark them as Passed instead.
A UDC control returns error code 2 "item not found" in cases where the latest scan did not find data required for control evaluation (e.g. file, registry key, or setting within a file or registry key). Enable this option to return the status Passed or Failed instead of Error when error code 2 "item not found" is returned. You'll choose the status you'd like to return in the policy's control settings.
Tip - If you select this option, the Ignore errors setting is not applied to controls that return the "item not found" error. Those controls will be evaluated according to your policy and status will be set to Passed or Failed.
This is where you set the expected control value for each technology. If you entered default values above then we've copied those values here to save you time. Feel free to overwrite the values, as needed.
Add references to internal policies, documents and web sites. For each reference, enter a description, a URL (starting with http://, https:// or ftp://) or both.
Select this option and we'll set the expected value for you based on the actual value returned by the scan. To update the value automatically you must also enable the "Auto Update expected value" in your compliance profile.
This is the algorithm that will be used to compute the file/directory digest.
Select this option to consider permission changes when calculating the file/directory digest.
Only file object type is supported for this control.
Point us at the directory you want to search. Be as specific as you can to reduce the search time (there is a search time limit). Then make additional settings that tell us how many levels we should search within the directory, and what to do when we come across other file systems and symbolic links.
Use these fields to find files and directories based on the name. You'll notice that * is used by default for the File Name Include and Directory Name Include, meaning that all files will be a match.
For each permission, tell us if the permission should be set on the file (Yes) or not (No). Select Any if either setting is fine. Then select Match All to only return files that match all of your permission settings. Select Match Some to return files that match at least one of your permission settings. Select Exclude to return files excluding the files that have at least one your specified permission settings.
Select each file system object type you want to include in the search. You can include all types or limit the search to only select types.
Identify the users and groups that you want to match. You can identify users and groups either by name or ID.
Each time we look for this control we'll consider the search time limit and the match limit. If we hit either limit we'll stop the search.
The actual value returned for this control is a String List, meaning we'll return a list of matches in the scan results.
Point us at the directory you want to search. Be as specific as you can to reduce the search time (there is a search time limit). Then tell us how many levels we should search within the directory.
Tell us whether you want to search directories, files or both.
Want to search for files/directories based on what users can access? Create a list of principals (groups and users) to include in the search and then go to the Permissions section to tell us the permissions you want to match.
Choose All to only return files that match all of the selected permissions. Choose Any to return files that match at least one of the permissions.