Desired compliance

Set your desired compliance. This is the benchmark and profile that you assign to a particular node and that is scanned on that node by default. Generally, you set compliance only once for your nodes.

By default, Comply automatically assigns an appropriate benchmark for each operating system, along with a Level 1 profile, to nodes that have not been set based on fact information from PE. Accepting this option is the quickest way to get up and running with desired compliance.

The ✔️ sign in the Profile assigned column on the Inventory page tells you that the desired compliance is set. You can view the node's information, including its assigned benchmark and profile, by clicking on the row assigned to the node. To change a node's desired compliance, follow the instructions in Manually set desired compliance. You can also follow the manual instructions to assign a different benchmark and profile to a node, or to assign a custom profile.

Restriction: Only one benchmark and profile can be assigned to each node.

Manually set desired compliance

If you don't want to use the benchmark and profile that Comply assigns automatically to your node, you can set the benchmark and profile that you prefer from the Inventory page.

  1. In Comply, click the Node column header on the Inventory page.
    Comply lists the nodes that have been classified with the comply class. If you do not see any nodes, ensure you have classified your nodes correctly.
  2. Click the node for which you want to specify desired compliance.
    In the Information window that appears on the right, you can see facts about the node and whether desired compliance has been set.
  3. Choose the CIS Benchmark and profile that you want to assign to the node.

    The benchmark and profile you set here is the desired compliance option for future scans.

    If you have created a custom profile, you can set it as the desired compliance by clicking Use an associated custom profile?

  4. Click Update.
Results
The ✔️ sign in the Profile assigned column tells you that the desired compliance is set. You can view the node's information, including its assigned benchmark and profile, by clicking on the node. If you want to change a node's desired compliance, use the drop-down menu and click Update.
Tip: You can update compliance on multiple nodes simultaneously if the nodes are running on the same operating system, and the latest version of the CIS-CAT Pro Assessor is installed on each node. To update multiple nodes, go to the Inventory page and select the nodes. From the Actions menu, select Set desired compliance. In the Benchmark, Profile, and Custom profile fields, specify the desired compliance and click Update.
What to do next
Now that you have applied desired compliance, you can run scans based on your selection.