Logging on and viewing compliance summaries


This topic presents the steps to log on to BMC AMI Security Policy Manager, the first steps you might take after logging on, and an overview of the product environment.

To log on to SPM

  1. Access the product through a standard web browser. The URL, http://systemName:port or https://systemName:port, is determined by your installation and configuration.
    The URL connects your browser to the server.
  2. In the BMC AMI Security Logon window, enter your user ID and password and click Log On.

Logon access is controlled by ESM definitions. If you do not have the required level of authority to log on to RSS, your connection might be rejected even if your user ID and password are correct.

If you are not using IBM MFA, use your usual password to log on.

If IBM MFA is enabled, use one of the following passwords to log on:

  • If the user ID setup uses a token, use the token code as the password.
  • If the user ID setup uses IBM MFA Compound In-Band, use the token code and password (with a separator between them). The separator and the order depend on the ESM configuration of the site.

Getting started with the Compliance Overview dashboard

After you log on, SPM displays a summary of the compliance status of your system in the Compliance Overview dashboard.

(SPE2410) The footer of the SPM UI displays information such as the current user ID, the product name, and the current release and version details.

The following graphs are displayed:

| Graph | Description |
|---|---|
| Compliant Rule Count per System | Number of rules that are compliant over the number of rules that are not compliant. One bar is displayed for every selected LPAR. |
| Non-Compliant % per Category | Percentage of rules in each category that are not compliant on a system |
| Rules with Highest Failure Count | Twenty rules that have the largest number of compliance failures on a system |
| DISA STIG Compliance | Number of DISA STIG rules that are compliant and the number of rules that are not compliant. This information is included in the Compliant Rule Count per System, but is shown here separately because of its importance. |

To return to this dashboard, select Overview from the Compliance menu in the navigation bar.

Examples

The following images show examples of the Compliance Overview dashboard with one and two LPARs selected. Hover over a part of the graph to see its numerical value.

[Images: overview_oneLPAR.png, overview_twoLPAR.png]

To show information from one or more LPARs

If your system is configured to run on more than one LPAR, you can select a different system from the one on which you are logged on, or choose to show content from more than one system. For information, see Migrating to other systems.

  1. From the navigation bar at the top of the page, click LPAR Selection.
  2. Select one or more systems and click OK.
    As you hover over an LPAR, active systems are green and inactive systems are red. You cannot select an inactive system.

    Tip

    Click All to select all the systems, or click Reset to select the original system on which you logged on.

Examining all compliance reports

You can use the SPM UI to examine all or a subset of the Compliance reports.

To see a summary of all the compliance policies that are currently active on a selected system or systems, go to Compliance > All.

A report is displayed, as shown in the following image:

[Image: allComplianceReports_spe2501.png]

This page includes all policies contained in the HLQ.RULES(INDEX) member and the following information:

| Column | Description |
|---|---|
| System | System from which the data is provided |
| Reference | Reference ID, as provided in the rules index member |
| Rule | Rule name |
| ESM | External security manager (RACF, TSS, or ACF2). For more information, see Creating ESM resources. |
| Category | Category to which the rule belongs, as provided in the rules index member |
| Version | (SPE2501) Version of the compliance rule. For example: 4.0.1 for PCI DSS reports |
| Priority | Priority provided in the index member |
| Failures | Number of policy failures from when the rule was last executed |
| Last run | Date and time when the rule was last executed |
| Next Run | Date and time when the rule is next scheduled to run |
| Description | Description of the policy, as defined in the rule |
| Action | Actions to run on the report. For more information, see the following section. |

To view and run actions on a report

To see details about a report, click the Select button in the row of the report and select one of the following options:

| Action | Description |
|---|---|
| View Report | Displays the report data from the last data capture. Data is captured daily according to the time set in the REPORTRESynctime parameter, as described in Configuring-parameters, or after running the RESYNC command, as described in Commands. |
| Edit SQL | For rules that are not encrypted, reads the rule from the system and displays the policy SQL. Edit the SQL and click Submit. The updated SQL is saved to the system. |
| View Comments | Displays comments about the rule in a popup window. Enter new comments in the Add New Comment box and click Submit. The new comment is saved to the system. |

You can use the Edit SQL option in the Compliance Report to examine and modify the SQL that creates the report, for customer-supported SQL queries and the supporting INDEX member.

To prevent accidental or nefarious changes, all SQL that is provided out of the box to generate the reports is encrypted. Note the following points:

Encrypted rules include all RSSRULES members that begin with the prefix CICS, DB2, MVS, RACF, TCP, TSS, and USS. Therefore, do not use these prefixes for any SQL rules that you maintain.

Important

The Edit SQL option is not available for rules using the aforementioned prefixes.

You must have one of the following access levels to the RACF facility class, BMC.RSS.SPMCOMP, to perform the relevant actions:

  • READ access: Enables you to use Edit SQL to view the SQL that generates the report. However, you cannot modify it, and the UI does not display the Submit button.
  • UPDATE access: Enables you to use Edit SQL to modify the SQL and click Submit to save the changes, so that you can subsequently view the changed report.

The system performs an implied LOADRULE for the updated rule, allowing the View Report option to run with saved changes.

If you do not have access to the BMC.RSS.SPMCOMP facility class, or the facility class does not exist, selecting Edit SQL results in the Unauthorised Access error.
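One way to set up the two access levels described above with RACF commands. This is an added example, not taken from the product documentation; it assumes BMC.RSS.SPMCOMP is defined as a profile in the FACILITY class, and the group names SPMAUDIT and SPMADMIN are hypothetical.

```tso
/* Added example. Assumes BMC.RSS.SPMCOMP is a FACILITY class profile. */
/* SPMAUDIT and SPMADMIN are hypothetical group names.                 */

/* Define the profile with no default access, so that only explicitly */
/* permitted users can open Edit SQL. AUDIT(ALL(READ)) logs every     */
/* successful and failed access attempt at READ level or higher.      */
RDEFINE FACILITY BMC.RSS.SPMCOMP UACC(NONE) AUDIT(ALL(READ))

/* Reviewers: can view the SQL through Edit SQL, no Submit button.    */
PERMIT BMC.RSS.SPMCOMP CLASS(FACILITY) ID(SPMAUDIT) ACCESS(READ)

/* Rule maintainers: can modify the SQL and click Submit to save it.  */
PERMIT BMC.RSS.SPMCOMP CLASS(FACILITY) ID(SPMADMIN) ACCESS(UPDATE)

/* Refresh in-storage profiles if the FACILITY class is RACLISTed.    */
SETROPTS RACLIST(FACILITY) REFRESH

/* Verify the resulting access list.                                  */
RLIST FACILITY BMC.RSS.SPMCOMP AUTHUSER
```

Keeping the UPDATE group small limits who can change the SQL behind a compliance report, and the audit records show who opened or edited a rule.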

Tip

If your browser window is too narrow to see all the values in the report, click the + icon at the beginning of the row. The column headings and values show below the row, as displayed in the following example:

[Image: reportMore_values.png]

Click the - icon to collapse the row.

To run individual reports

From the menus in the navigation bar at the top of the page, select individual reports. For details about each report, see the following topics:

To return to this report, select All Compliance Reports from the Compliance menu in the navigation bar.

Tip

If you resize the window, a three-line (so-called hamburger) icon replaces the menus. Click the icon to see the menus.

[Image: spmHamburger.png]


 
