Desired compliance

Set your desired compliance. This is the benchmark and profile that you assign to a particular node and that is scanned on that node by default. Generally, you set compliance only once for your nodes.

By default, Comply automatically assigns an appropriate benchmark for each operating system, along with a Level 1 profile, to nodes that have not been set based on fact information from PE. Accepting this option is the quickest way to get up and running with desired compliance. You can also customize the default desired compliance settings for an operating system.

The Benchmark and Profile columns on the Inventory page show you the benchmark and profile for each node. You can view further details for a node by clicking on the row assigned to the node. To change a node's desired compliance, follow the instructions in Manually set desired compliance. You can also follow the manual instructions to assign a different benchmark and profile to a node, or to assign a custom profile.

Restriction: Only one benchmark and profile can be assigned to each node.

Manually set desired compliance

If you don't want to use the benchmark and profile that Comply assigns automatically to your node, you can set the benchmark and profile that you prefer from the Inventory page.

  1. On the Inventory page of Comply, click the node for which you want to specify desired compliance.
    In the Information window that appears on the right, you can see facts about the node and whether desired compliance has been set.
  2. Choose the CIS Benchmark and profile that you want to assign to the node using the drop-down menus.

    The benchmark and profile you set here is the desired compliance option for future scans.

    If you have created a custom profile, you can set it as the desired compliance by clicking Use an associated custom profile?

  3. Click Update.
What to do next
Now that you have applied desired compliance, you can run scans based on your selection.

Bulk set desired compliance

You can also bulk assign desired compliance to a batch of nodes if the nodes are running on the same operating system, and the latest version of the CIS-CAT Pro Assessor is installed on each node.

  1. On the Inventory page of Comply, click the check-boxes of the nodes for which you want to specify desired compliance.
  2. In the toolbar at the top of the page, click Actions > Set desired compliance.
  3. Choose the CIS Benchmark and profile that you want to assign to the node using the drop-down menus.
  4. If you have created a custom profile, you can set it as the desired compliance by clicking Use an associated custom profile?
  5. Click Update.
Results
The Benchmark and Profile columns tell you the desired compliance set for each node. You can view the node's information, including its assigned benchmark and profile, by clicking on the node.
What to do next
Now that you have applied desired compliance, you can run scans based on your selection.

Set desired compliance by operating system

If you prefer to assign the desired compliance to an operating system, you can set a benchmark and profile for this operating system from the Settings page.

  1. On the Settings page of Comply, click Manage desired compliance.
  2. Click the operating system you want to assign a benchmark and profile to. Any nodes with this operating system that are added have these benchmark and profiles automatically assigned to them.
  3. Choose the CIS Benchmark and profile that you want to assign to the node using the drop-down menus.
  4. If you have created a custom profile, you can set it as the desired compliance by clicking Use an associated custom profile?
  5. Check the check box to assign these settings to all of the selected operating system's current nodes, overriding any individually assigned benchmarks and profiles. Leave this unchecked to keep the individual desired compliance settings for any nodes that already exist on this operating system.
  6. Click Save.
Results
When nodes are added to an operating system, these benchmarks and profiles are automatically assigned to them.
What to do next
Now that you have applied desired compliance, you can run scans based on your selection.