Submit a ticketCall us

whitepaperYour VM Perplexities Called, and They Need You to Read This.

Virtualization can give you enormous flexibility with future workloads and can be a key enabler for other areas, like cloud computing and disaster recovery. So, how can you get a handle on the performance challenges in your virtual environment and manage deployments without erasing the potential upside? Learn the four key areas you need to be focusing on to help deliver a healthy and well-performing data center.

Get your free white paper.

Home > Success Center > Network Configuration Manager (NCM) > NCM Documentation > NCM 7.9 Administrator Guide > Ensure compliance to policy rules

Ensure compliance to policy rules

Created by Caroline Juszczak, last modified by Melanie Boyd on Jun 03, 2018

Views: 1,420 Votes: 0 Revisions: 6

Updated: May 31, 2018

Use policy reports to verify that device configurations comply with internal policies and external regulations. Each policy report enforces one or more rules. When the policy report runs, SolarWinds NCM scans the specified configuration files and reports any rule violations. Policy reports can also include remediation scripts to bring the configuration file into compliance.

SolarWinds provides a set of example policy reports that you can modify to meet your needs. You can also create custom policy reports.

Policy reports cannot be run against configurations that are downloaded in XML format.

How rules, policies, and policy reports work together

Each policy report includes one or more policies, and each policy includes one or more rules.

rules_policies_reports.png

  • A rule defines a condition that must or must not exist. Rules can also contain remediation scripts to be run if the rule is violated.

    For example, a rule could specify that devices must have banners that include copyright information. And the rule could contain a script to add the copyright information if it is missing.

  • A policy groups related rules, and specifies which nodes and config types the rules apply to.

  • A policy report groups related policies. When the report runs, it scans the configs specified in the policies and reports any rule violations.

Common uses for policy reports

Regulatory compliance

Use policy reports to ensure that you are in compliance with federal regulations and other industry standards, including:

  • Sarbanes-Oxley Act (SOX)
  • Health Insurance Portability and Accountability (HIPAA)
  • Computer Inventory of Survey Plans (CISP)
  • Payment Card Industry (PCI) data security policies
  • Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG)

Compliance with internal standards and policies

Standardization is a vital part of keeping the network running smoothly. Use policy reports to locate device configurations that do not comply with your organization's standards or policies. For example:

  • Enforce interface naming guidelines.
  • Enforce Quality of Service (QoS) traffic shaping policies.
  • Verify that the correct banner is present.
  • Change the copyright date when the year changes.

Security

To proactively protect against hackers, malware, and other security threats, use policy reports to ensure that network device configurations comply with your organization's security policies. For example:

  • Ensure that the default password has been reset on all devices.
  • For SNMP-enabled devices, verify that the default public community string is not present.
  • Enforce standards for password length.
  • Search access control lists (ACLs) for rules that must or must not be present.

Tasks to create and run a policy report

To create custom policy reports, complete the following tasks:

  1. Create the rules that the policy report will enforce.
  2. Create policies to group related rules and to define which device configs will be checked for compliance.
  3. Create the policy report to group related policies.

You can then run the policy report to find and remediate policy violations. You can also share policy reports between Orion servers or with other SolarWinds users.

 

Last modified

Tags

Classifications

Public