Description
The compliance group’s main role is to provide a baseline scan of security standards your company requires. This scan is primarily accomplished through the use of LANDESK’s Network Access Control. (LANDESK DHCP) During the initial configuration of NAC the Definitions in the compliance folder will be used to help build the NAC Services that will scan computers entering your network.
Only a LANDESK administrator or a user with the Security and Patch Compliance right can add or remove definitions to and from the Compliance group.
The following security content types can be added to the Compliance group to define a compliance security policy:
- Antivirus definitions
- Custom definitions
- Driver update definitions
- LANDESK software update definitions
- Security threat definitions (includes firewall definitions)
- Software update definitions
- Spyware definitions
- Vulnerabilities (OS and application vulnerability definitions)
Note: You can't add blocked application definitions to the Compliance group to define compliance security policies.
To add security definitions to the Compliance group
- In Security and Patch Manager, select the type of security content you want to add to your compliance security policy from the Type drop-down list, and then drag and drop definitions from the item list into the Compliance group.
- Or, you can right-click an individual definition or selected group of definitions, and then click Add to compliance group.
- Make sure any necessary associated patches are downloaded before you publish LANDESK NAC content to posture validation servers and remediation servers. You can right-click a definition, selected group of definitions, or the Compliance group itself, and then click Download associated patches to download the patches necessary to remediate affected devices.
To run a compliance scan that would utilize this folder you would need to create a compliance scan setting to be utilized. Under settings right click on Compliance and choose New to open a new dialog box for your Compliance Scan Settings. U nless specifically selected a agent install will not include a compliance setting.
