Logging on and viewing compliance summaries
To log on to Security Policy Manager
- Access the product through a standard web browser. The URL, http://systemName:port or https://systemName:port, is determined by your installation and the configuration.
  The URL connects your browser to the server.
- In the BMC AMI Security Logon window, enter your user ID and password and click Log On.
Logon access is controlled by configuring ESM definitions. If you do not have the required level of authority to log on to RSS, your connection might be rejected even if your user ID and password are correct.
(SPE2107) If you are not using IBM MFA, use your usual password to log on.
If IBM MFA is enabled, use one of the following passwords to log on:
- If the user ID setup uses a token, use the token code as the password.
- If the user ID setup uses IBM MFA Compound In-Band, use the token code and password (with a separator between them). The separator and the order depend on the ESM configuration of the site.
Getting started with the Compliance Overview dashboard
After you log on, Security Policy Manager displays a summary of the compliance status of your system in the Compliance Overview dashboard.
The following graphs are displayed:
Graph | Description |
---|---|
Compliant Rule Count per System | Number of rules that are compliant over the number of rules that are not compliant. One bar is displayed for every selected LPAR. |
Non-Compliant % per Category | Percentage of rules in each category that are not compliant on a system |
Rules with Highest Failure Count | Twenty rules that have the largest number of compliance failures on a system |
DISA STIG Compliance | Number of DISA STIG rules that are compliant and the number of rules that are not compliant. This information is included in the Compliant Rule Count per System, but is shown here separately because of its importance. |
To return to this dashboard, select Overview from the Compliance menu in the navigation bar.
To show information from one or more LPARs
If your system is configured to run on more than one LPAR, you can select a different system from the one in which you are logged on, or select to show content from more than one system. For information, see Multi-LPAR environment installation considerations.
- From the navigation bar at the top of the page, click LPAR Selection.
- Select one or more systems and click OK.
(SPE2304) As you hover over an LPAR, active systems are green and inactive systems are red. You cannot select an inactive system.
Examining all compliance reports
To see a summary of all the compliance policies that are currently active on a selected system or systems, go to Compliance > All.
A report is displayed, as shown in the following image:
This page includes all policies contained in the HLQ.RULES(INDEX) member and the following information:
Column | Description |
---|---|
System | (SPE2107) System from which the data is provided |
Reference | Reference ID, as provided in the rules index member |
Rule | Rule name |
ESM | External security manager (RACF, TSS, or ACF2). For more information, see Configuring ESM definitions. |
Category | Category to which the rule belongs, as provided in the rules index member |
Priority | Priority provided in the index member |
Failures | Number of policy failures from when the rule was last executed. |
Last run | Date and time when the rule was last executed |
Next Run | Date and time when the rule is next scheduled to run |
Description | Description of the policy, as defined in the rule. |
Action | Actions to run on the report. For more information, see the following section. |
To run actions on a report
To see details about a report, click the Select button in the row of the report and select one of the following options:
Action | Description |
---|---|
Run Report | Reads the report SQL from the system, executes the policy on the system, and displays policy failures on a popup screen |
Edit SQL | Reads the rule from the system and displays the policy SQL in a popup window. Edit the SQL in the popup and click Submit. The updated SQL is saved to the system. |
View Comments | Displays comments about the rule in a popup window. Enter new comments in the Add New Comment box and click Submit. The new comment is saved to the system. |
To run individual reports
From the menus in the navigation bar at the top of the page, select individual reports. For details about each report, see the following topics:
To return to this report, select All Compliance Reports from the Compliance menu in the navigation bar.