Once an audit scan has been scheduled for a target group, the target group will be appear in the table in the Map and Audit Targets view. Systems belonging to the target group will then be periodically assessed for compliance against all the rules in the mapped policies based on the schedule. The resulting overall compliance percentage will be displayed for each target group. This overall compliance percentage indicates the percentage of systems that are secure (i.e, systems that achieved a compliance percentage of at least 90% each) out of the total systems scanned in the target group. Click on a target group to view its complete compliance details.
Overall compliance percentage = Number of secure systems (systems that achieved a compliance percentage of at least 90%)/ Total scanned systems * 100
Note:Only scanned systems, and not all systems, are considered for overall compliance percentage because new systems may get added, in the future, to the custom group chosen as target. If the audit scan falls before this addition, those new machines in the target group will not be audited for compliance, and consequently will not be considered for compliance percentage, until they're assessed in the next scan based on the schedule.
On the top, you can see the name of the target group, who scheduled the audit and what its scan schedule is. You can edit the schedule by clicking on the "Modify schedule" button. Below we will discuss each section of this view in detail.
This section indicates the number of computers that need attention (i.e, computers whose individual compliance is below 90%) out of total scanned computers. According to Vulnerability Manager Plus, systems that have achieved a compliance of at least 90% are considered to be secure. The compliance percentage displayed here indicates the percentage of systems that are secure out of the total systems scanned in the target group. This percentage is the same as the overall compliance percentage of the target group.
Computers are classified in this section by health based on their compliance percentage.
Compliance Percentage of the systems | Health status |
Below 10% | Vulnerable - indicates vulnerable computers |
10% - 50% | Poor Compliance - indicates systems with poor compliance |
50% - 90% | Moderate Compliance - Indicates systems whose compliance can be improved |
Above 90% | Secure - Indicates secure computers |
The table section below lists all the computers belonging to this target group. Details such as OS platform, scanned and yet-to-scan policies, and compliance percentage for each computer are available here. In case, the audit is modified, after a scan, to map a new policy group or groups to the targets, these policies will remain unscanned until the next scan based on the schedule. Until then, these policies will be counted as Yet-to-scan policies. The compliance percentage of each system indicates the percentage of rules the computer has passed out of the total scanned rules (excluding unscored rules) from all the mapped policies.
Compliance percentage = Rules passed/(Total scanned rules - unscored rules) * 100
Note:
Not all the rules from the mapped policies will factor in to your compliance percentage. Three cases in which rules aren't considered for compliance percentage:
Also, if a policy group mapped to the target is modified, after an audit scan, to add/remove policies, those changes will not influence compliance percentage until the subsequent scan. Only after the systems are scanned in the subsequent scan against the modified list of mapped policies, the compliance percentage will change accordingly.
You can also view the compliance status and percentage of a computer on a per-policy basis. To do so, click on a computer.
Below we will discuss each section of this view in detail.
This section indicates the number of rules the computer has failed to comply with out of the total scanned rules from all the mapped policies. The compliance percentage displayed here indicates the percentage of rules the computer has passed out of the total scanned rules (excluding unscored rules) from all the mapped policies.
Compliance percentage = Rules passed/(Total scanned rules - unscored rules) * 100
All the rules applicable to the computer are classified in this section based on the computer's compliance status.
The table section below lists all the policies mapped to this computer along with the number of rules passed in each policy as well the compliance percentage of the computer per policy. The compliance percentage for each policy indicates the percentage of rules the computer has passed out of the total scanned rules from the policy. You can use the filter option to view the rules based on the computer's compliance status. For instance, if you select Failed in the compliance status filter, the failed rules from every policy will be displayed. Each rule suggests a recommended value for a security setting. Click on View resolution next to the failed rule to view the detailed steps to implement the recommended value.
You can also view the compliance status of a computer on a per-rule basis. To do so, click on a policy.
Below we will discuss each section of this view in detail.
This section indicates the number of rules the computer has failed to comply with out of the total scanned rules from this particular policy. The compliance percentage displayed here indicates the percentage of rules the computer has passed out of the total scanned rules from the policy.
All the rules from the policy are classified in this section based on the computer's compliance status.
Refer to this document if you wish to know more about how the policy is structured and detailed explanation for the terminologies used in the policy. For each title, you can view the number of rules the computer has passed. Click on the title to expand and reveal the rules pertaining to it. You can view the compliance status next to each rule. Each rule suggests a recommended value for a security setting. If you click on a rule, detailed summary, rationale and how to fix columns will be visible. The how to fix column offers the detailed steps to implement the recommended value in your computer for each failed rule.