Implementation process for compliance content analysis

Use the information in the following table to understand the tasks for implementing the compliance content analysis in your environment. Each task row includes links to detailed information and procedures to help you analyze compliance for every server in the data center.

Implementation task

Description

Reference

Identify the standards and policies required for your environment

TrueSight Server Automation Compliance Content libraries provide you with add-on content for TrueSight Server Automation, containing rule sets to automatically analyze compliance for every server in the data center. Identify the content libraries that are applicable for your environment.

Review requirements

Ensure that your environment complies with all requirements.

Download the content installer and applicable templates

Download the appropriate content setup file from the BMC Software web site to a temporary directory on the Application Server. The download includes various Component Templates and remediation packages for performing compliance and remediation in a specific environment.

Install the Compliance Content add-ons

Run the content installer to:

  • Import groups of out-of-the-box component templates that contain compliance rules for regulatory standards and best-practice policies (HIPAA, PCI, SOX, DISA, PCIv2, and CIS).
  • Import remediation BLPackages into the Depot.
  • Import a group of out-of-the-box batch-type Scale Jobs that can be used for compliance analysis on UNIX and Linux platforms, especially in environments with large numbers of servers.
  • Install various out-of-the-box configuration objects (configuration files and extended objects) that support the provided compliance rules.
  • Create a custom property class for each policy type and defines a Default instance for the property class.

Configure the Compliance Content add-ons

After installing the add-ons, you must configure the properties for Compliance Content templates and modify the out-of-the-box component templates.

Run a Compliance Job against components

Use a Compliance Content component template to and Compliance Jobs to analyze compliance with industry standards.

Review compliance results and set exceptions 

Before you perform remediation on compliance failures, review the results of your Compliance Job for details about the components on each server that satisfied or failed to satisfy each of the defined compliance rules.

Perform remediation

Remediation of a compliance failure involves the deployment of a remediation package to the servers on which compliance rules failed.

Generate reports

Through the TrueSight Smart Reporting for Server Automation application, you can generate web-based reports that summarize compliance data derived over time from Compliance Jobs run in TrueSight Server Automation. Several built-in Compliance reports are offered by TrueSight Smart Reporting for Server Automation. Additional reports are available specifically for the Compliance Content component templates for industry-standard policies.

See the Built-in Compliance reports topic in the TrueSight Smart Reporting for Server Automation documentation documentation.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*