Auditing your systems for compliance with secure configuration policies like CIS, DISA STIGs, and USGCB is an important part of any effective security program, not to mention a requirement for many industry and regulatory compliance standards like PCI DSS and FISMA. With Nexpose, you can automate this assessment using our Policy Manager feature.
Back in March we launched two brand new policy report templates, Policy Rule Breakdown Summary and Top Policy Remediations, to help organizations understand how compliant their assets are and what actions to take to improve their compliance posture. You can read more about these reports here.
After receiving lots of great feedback, we've added two more policy reports in the latest version of Nexpose: Policy Details and Top Policy Remediations with Details. These provide additional information like policy rules, test results, and step-by-step remediation instructions so you can drill into the details and take control of your compliance program.
The new Policy Details report is useful for understanding exactly what's going on with each asset - which rules are failing, the reasons why, and how you can fix them. The report is divided by asset, with the overall compliance score for the asset at the top. Run this report when you want to deep-dive into the configuration settings of your systems.
The new Top Policy Remediations with Details report expands on the report released in March by adding step-by-step instructions for each remediation and a list of the affected assets. With both Top Policy Remediations reports, the recommendations are prioritized for the greatest impact on improving compliance across all your assets and you can change the number of recommendations shown, e.g. change Top 25 to Top 10, to meet your needs. This report is perfect for communicating what needs to be fixed to your IT Operations team.
We have lots more enhancements to Policy Manager coming soon, so stay tuned for more!