Configuration Compliance correlation
Summary of Configuration Compliance Correlation
Configuration Compliance assists in prioritizing and grouping test results to tackle non-compliance issues effectively. With the release of v14.9, several terminology changes have been introduced to enhance clarity, such as renaming 'Test Result Group' to 'Remediation Task Group' and 'Policy Test group' to 'Asset-Centric Prioritization'.
Key Features
- Prioritization of Findings: Configuration scans can yield numerous findings. The system prioritizes these based on risk reduction potential, expressed as a risk score on a 0–100 scale that factors in configuration test criticality and asset criticality.
- Remediation Task Management: When the third-party import concludes, Configuration Compliance updates the status of test results in active groups, resolving failed results and closing successful ones. The order of precedence dictates how states are derived for test results belonging to multiple groups.
- Creation of Remediation Tasks: Remediation Tasks can be created manually either from the Remediation Tasks module or through filters that automatically populate the Test Results tab, allowing users to focus on specific results based on their criteria.
- Ungrouped Test Results: This module tracks all non-pass test results that do not belong to any active group and is refreshed with each import or modification of group membership.
Key Outcomes
By utilizing Configuration Compliance, customers can effectively manage and remediate compliance issues, prioritize high-risk findings, and streamline the creation of remediation tasks. This leads to enhanced operational security and compliance posture within their infrastructure.
Configuration Compliance provides prioritization and test result grouping to aid remediation of non-compliance issues.
| Terminology prior to v14.9 | Terminology v14.9 onwards |
|---|---|
| Test Result Group | Remediation Task |
| Group Rules | Remediation Task Rules |
| Policy | Test group |
Asset-Centric Prioritization
Configuration scans can produce a large number of findings. Prioritize findings for the greatest risk reduction. Priority includes both configuration test criticality and asset criticality. Configuration test result priority is expressed as a risk score on a 0–100 scale. Calculator groups compute the risk score and can be customized.
When the third-party import concludes, Configuration Compliance updates remediation tasks and test results as follows:
- Resolved groups with failed results return to the Awaiting implementation state.
- Groups where all results passed are Closed.
- The state of test results that are in active groups is updated.
- The flag indicating whether a result is part of an active group is updated.
Remediation Tasks order of precedence
When test results belong to more than one group, the State of a test result is derived according to an order of precedence.
The State and Resolution fields in the Configuration Test form and the Result field in the Test Result form are calculated following this order of precedence.
The group membership precedence applies only to items that did not pass the configuration test. Passed items are always in the Closed-Fixed state.
The Result value determines the state. Groups in the Closed-Fixed and Closed-Canceled states are ignored. The item state is computed from the states of all other remediation tasks the item belongs to, or is set to Open if no other group exists for the item.
Remediation Tasks creation
Configuration Compliance Remediation Tasks are created manually.
There are two ways to create and populate Remediation Tasks.
- From the Remediation Tasks module, using filters that automatically populate the Test Results tab.
  This approach works well when you know which filters you want to use. For example, capturing all failed test results that are moderate and higher criticality, affect the Windows-based infrastructure, and apply only to the SAP supply chain application.
- By selecting test results in the Test Results list and creating a group from the Actions on selected rows... menu.
  This method works well for results that are not easily filtered, or for situations where you want to specify individual test results for remediation. For example, outliers that have nothing in common.
Ungrouped Test Results
Ungrouped Test Results contains all non-pass test results that are not members of an active (non-Closed) group. This module is updated after every import and whenever test results are added to or removed from a group.
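
A small model of the state derivation described under "Remediation Tasks order of precedence" and of the membership rule under "Ungrouped Test Results", added here as an illustration and not ServiceNow code. The precedence order itself is not listed on this page, so `ASSUMED_PRECEDENCE` is a placeholder; the field names, the result values and the sample records are constructed.

```javascript
// Added illustration; not ServiceNow platform code. Field names and the
// result values "Passed"/"Failed" are constructed for this sketch.
// ASSUMPTION: the page does not list the precedence order; this is a placeholder.
const ASSUMED_PRECEDENCE = ["Awaiting implementation", "Resolved", "Open"];
const IGNORED_STATES = new Set(["Closed-Fixed", "Closed-Canceled"]);

// A remediation task counts as active when it is not in a Closed state.
const isActive = (task) => !task.state.startsWith("Closed");

// Remediation tasks that contain the given test result.
const tasksFor = (result, tasks) =>
  tasks.filter((t) => t.members.includes(result.id));

function deriveState(result, tasks, precedence = ASSUMED_PRECEDENCE) {
  // Passed items are always Closed-Fixed; precedence covers non-pass items only.
  if (result.result === "Passed") return "Closed-Fixed";
  const states = tasksFor(result, tasks)
    .map((t) => t.state)
    .filter((s) => !IGNORED_STATES.has(s));
  // No remaining group for the item: it is Open.
  if (states.length === 0) return "Open";
  const unknown = states.find((s) => !precedence.includes(s));
  if (unknown) throw new Error(`state not in precedence list: ${unknown}`);
  // The earliest entry in the precedence list wins.
  return precedence.find((s) => states.includes(s));
}

// Non-pass results that are not members of any active group.
function ungrouped(results, tasks) {
  return results
    .filter((r) => r.result !== "Passed")
    .filter((r) => !tasksFor(r, tasks).some(isActive))
    .map((r) => r.id);
}

// Constructed sample data.
const tasks = [
  { name: "RT-A", state: "Resolved", members: ["r1", "r2"] },
  { name: "RT-B", state: "Awaiting implementation", members: ["r1"] },
  { name: "RT-C", state: "Closed-Canceled", members: ["r2", "r3"] },
];
const results = [
  { id: "r1", result: "Failed" }, { id: "r2", result: "Failed" },
  { id: "r3", result: "Failed" }, { id: "r4", result: "Passed" },
];
for (const r of results) console.log(r.id, deriveState(r, tasks));
console.log("ungrouped:", ungrouped(results, tasks));
```

Passing a different `precedence` array changes only the tie-break between live groups; the Closed-Fixed rule for passed items and the Open fallback come from the text above.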