Skip to Content

Adding SCAP rule deviations

A rule deviation is a rule for which it does not matter, if it succeeds or fails on the targets, as its scan results are not included in the global compliance.

Some rules that are included in the benchmarks can be specified as deviations, because, for example, they are not applicable to a specific operating systems, or a specific rule currently is not applicable for your internal regulations, and so on.

These deviations can be modified at any moment and can also have a deadline. This means that for example a rule is considered a deviation until December 31st, because until then a specific requirement is not applied in your organization, but from the 1st of January onwards it will be. Once the expiration date is reached, the deviation is automatically removed and the rule result included in the global compliance.

Warning

Note:

Be aware that:

if you add or remove deviations, you need to rerun the scan on the target group for these deviations to be taken into account.
this does not impact any scans and reports already run before the expiration date, these remain as they are.

To specify a rule deviation proceed as follows:

  1. Click Edit > Add SCAP Rule Deviation btn_add.png.
     The SCAP Rule Deviation dialog box appears.
  2. Select the rule to specify as deviation.InformationYou can select more than one rule at a time by holding the CTRL key while selecting.
  3. (Optional) Click the calendar calendar3.pngicon, if the rule deviation is to expire at a specific date. If the deviation is unlimited, do not modify this box.InformationTo clear the expiration date click no.png.
  4. Click OK to add it to the list of deviations and close the window.

The deviation is immediately added to the list. Rerun the scan on the device to create an up-tp-date result.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Client Management 22.4