Skip to Content
Information

This site will undergo maintenance on Friday, 26 September at 2:00 AM CDT / 12:30 PM IST and may experience a short period of instability during that time.

Information
Space banner This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Adding SCAP rule exceptions

Rule exception are similar to deviations, but on a device level, not for a group. An exception is a rule, for which it does not matter, if it succeeds or fails on the target, that is, it's real result does not impact the device compliance. This means, that its scan results are included in the device compliance, the rule appears in the list of executed rules, but its result is always displayed as successful.

Some rules that are included in the benchmarks can be specified as exceptions, because, for example, they are not applicable to a specific operating systems, or a specific rule currently is not applicable for your internal regulations, and so on.

These exceptions can be modified at any moment and can also have a deadline. This means that for example a rule is considered an exception until December 31st, because until then a specific requirement is not applied in your organization, but from the 1st of January onwards it will be. Once the expiration date is reached, the exception is automatically removed and the rule result included in the global compliance.

Warning

Note:

Be aware that:

if you add or remove exceptions, you need to rerun the scan on the device for these exceptions to be taken into account.
this does not impact any scans and reports already run before the expiration date, these remain as they are.

To specify a rule exception proceed as follows:

  1. Click Edit > Add SCAP Rule Exception btn_add.png.
     The Select an SCAP Rule dialog box appears.
  2. Select the rule to specify as exception.InformationYou can select more than one rule at a time by holding the CTRL key while selecting.
  3. (Optional) Click the calendar btn_add.pngicon, if the rule exception is to expire at a specific date. If the exception is unlimited, do not modify this box.InformationTo clear the expiration date click no.png.
  4. Click OK to add it to the list of exceptions and close the window.

The exception is immediately added to the list. Rerun the scan on the device to create an up-to-date result.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Client Management 12.9