Symantec™ Control Compliance Suite 10.0 User Guide

Article:DOC2783  |  Created: 2010-08-23  |  Updated: 2010-10-19  |  Article URL http://www.symantec.com/docs/DOC2783
Article Type
Documentation


Description



Table of Contents:
About the Control Compliance Suite
What Control Compliance Suite can do for you
How Control Compliance Suite works
Control Compliance Suite server components
About the Control Compliance Suite Application Server
About the Control Compliance Suite Directory Server
About the Control Compliance Suite Directory
About the Control Compliance Suite Data Processing Service
About the Control Compliance Suite production database
About the Control Compliance Suite reporting database
About the Control Compliance Suite evidence database
About the Control Compliance Suite Web Console server
About the Control Compliance Suite Encryption Management Service
Control Compliance Suite client software
About the Control Compliance Suite Console
About the Control Compliance Suite Web Console
About accessing the Control Compliance Suite Web Console
Control Compliance Suite infrastructure requirements
Control Compliance Suite server requirements
Control Compliance Suite Client requirements
Where to get more information
Where to get Symantec Enterprise Security Manager information
Where to get Response Assessment module information
About the console features
About the menu bar
About the tree pane
About the Filter by pane
About the table pane
About the details pane
About the taskbar
About the console views
About the Home view
About the Monitor view
About the Manage view
About the Settings view
About the Reporting view
About the User preferences page
Working in the console
Accessing tasks
Using filters in the Filter by pane
Customizing the filter options
Managing the table pane
Viewing and editing the object details
Selecting the columns headings
Refreshing the view
Searching for objects
About working in the tree pane
Creating folders in the tree pane
About using special characters in folder and job names
Moving folders in the tree pane
Deleting folders in the tree pane
Renaming folders in the tree pane
Refreshing folders in the tree pane
Optimizing the console layout
Quick start with minimum configuration
Configuration tasks
Managing certificates
About Encryption Management Service
About the Certificates view
About managing certificates using the command line
About creating certificates
About certificate encryption
Using the Certificate Management Console
Configuring roles and permissions
About roles
About permissions
About tasks
Predefined roles
About custom roles
About the Roles view
About the Permission Management view
Working with roles
Working with permissions
Registering and configuring the Data Processing Service
About Data Processing Service roles
Registering the Data Processing Service
Registering the DPS with minimum custom configuration
Unregistering a Data Processing Service
Configuring basic Data Processing Service settings
Configuring advanced Data Processing Service settings
Configuring the assets batch size
Assigning a role to a Data Processing Service
Synchronizing Data Processing Service settings
Working in the System Topology view
About the Map view
About navigating in the Map view
About the Map view icons
About the Grid view
Modifying the settings of a component
Viewing additional component information
Saving an image of the configuration layout
Adding annotations to the components
Deleting annotations
Associating components
Deleting the association between components
About the health and status of a component
Viewing the health and the status details
Refreshing the health and the status information
Monitoring infrastructure jobs
Configuring sites
What sites can do for you
About using sites
About planning sites
Creating a site
Deleting a site
Assigning a Data Processing Service to a site
Removing a Data Processing Service from a site
Modifying the site name
Configuring the data collectors
Configuring the Windows data collector
Configuring the Oracle data collector
Configuring the SQL data collector
Configuring the UNIX data collector
Configuring the Exchange data collector
Configuring the NDS data collector
Configuring the NetWare data collector
Configuring the ESM data collector
Configuring the CSV data collector
Configuring the ODBC data collector
Configuring the application server settings
About the security settings for scheduled jobs
Adding credentials for scheduled jobs
Configuring the general settings
Configuring the data locations
Enabling and disabling audit setting
Configuring the email Notification Server
Selecting the DPS to synchronize the reporting database
Synchronizing the reporting database
About the purge settings
Configuring the purge settings
Configuring the purge job schedule
Configuring the entitlements settings
Configuring the exceptions settings
Customizing the report logo and name
Configuring the policy settings
Configuring the dashboard settings
Configuring the remediation settings
Configuring the standards settings
Configuring the job count settings
Configuring the assets count settings
About audits
About audit event triggers
About viewing the audit logs
Managing licenses
About the Licenses view
Adding a license
Adding licenses on the Directory Server
Viewing the list of licenses
Managing users
About the User Management view
About adding a user account
Importing user accounts
Updating a user email address
Deleting user accounts
Updating user accounts
Configuring the SQL Server settings
Configuring the production database connection settings
Configuring the reporting database connection
Configuring the application server credentials
Configuring service accounts with unconstrained delegation
Configuring the S4U and constrained delegation
About using special characters in credentials
Updating Control Compliance Suite
How LiveUpdate works in Control Compliance Suite
About the LiveUpdate view
Enabling and scheduling LiveUpdate
About the host file for Windows LiveUpdate clients
About the LiveUpdate staging location
Performing LiveUpdate on demand
Configuring Response Assessment Module in Control Compliance Suite
About Response Assessment Module
Adding a link to Control Compliance Suite
Adding a Response Assessment Module user-defined property
Publishing a questionnaire with invitations in Response Assessment Module
About configuring the Web Console to contact RAM
About logs and configuration files
About log messages
About log levels
Preparing for risk assessment
Assessing the compliance and the risk posture of the system
Simplifying the remediation process
Identifying possible threats in the access control system
Getting started with the asset system
About the Asset System view
About the Reconciliation Rules view
Concepts in assets
About assets
Site as scope in asset import
Asset folder hierarchy
Predefined platforms
Asset types
Primary and secondary assets
Reconciliation rules and rule types
Asset import
Asset tagging
Asset groups
Active assets
Creating reconciliation rules
Creating reconciliation rules without manual review
Creating reconciliation rules using the manual review
Working with reconciliation rules scenarios
Importing assets
About the first time asset import
Importing the assets for the first time
Working with asset import scenarios
Importing assets from a CSV file
Importing assets from an ODBC database table
Reviewing the assets manually
Creating asset groups
Creating a dynamic asset group
Creating a static asset group
Deleting inactive assets using the asset groups
Operators (, ), AND, OR
Performing the tasks in the Asset System view
Creating the asset folders
Performing the asset group tasks
Performing the global tasks
Performing the asset tasks
Performing the common tasks
Viewing asset information in the details pane
Using the Filter by pane in the Asset System view
Performing the tasks in the Reconciliation Rules view
Editing a reconciliation rule
Moving a reconciliation rule
Copying and pasting a reconciliation rule
Deleting a reconciliation rule
Viewing rules information in the details pane
Marking a rule as default
Unmarking a rule as default
Using the Filter by pane in the Reconciliation Rules view
About importing assets from Altiris
Supported asset types for Altiris
Prerequisites for installing Control Compliance Suite Asset Export Task
Installing Asset Export Task on Altiris Notification Server
Working with the Altiris Asset Export Task solution
Creating the Altiris asset import jobs in Control Compliance Suite Console
Specifying the asset export settings in the Altiris Symantec Management Console
Creating a asset export task in the Altiris Symantec Management Console
Scheduling asset export task in the Altiris Symantec Management Console
About the CSV files on Altiris Notification Server
About importing incident data from Symantec Data Loss Prevention
About the Symantec Data Loss Prevention Connector
Roles and permissions for the Symantec Data Loss Prevention Connector
Configuring the Symantec Data Loss Prevention Connector
Installing a certificate for the Symantec Data Loss Prevention Connector
About Symantec Data Loss Prevention Connector email notification configurations and logging
Symantec Data Loss Prevention Connector incident data batch size
Scheduled task configurations for Symantec Data Loss Prevention Connector incident data collection
About Symantec Data Loss Prevention and Control Compliance Suite result mapping
About the Symantec Data Loss Prevention Connector incident and Control Compliance Suite asset mapping
About rules-based action execution
About predefined rules-based actions
About custom rules-based actions
Managing controls for Symantec Data Loss Prevention Connector
About Symantec Data Loss Prevention Connector logging
Using the Symantec Data Loss Prevention Connector Credentials Removal utility
Using the Symantec CSM Connector Executor utility
About the custom schema
About the Schema Manager view
About the asset type schema
About the entity schema
About the target type schema
Working with custom asset types
Creating a new asset type
Registering a platform
Importing an asset type
Exporting an asset type
Viewing the custom asset type and the custom fields in the asset system
Extending an existing asset type
Editing an existing asset type
Creating an external field to add to the asset type
About the predefined platforms and the primary entities
About the primary, mandatory, and optional fields
About referenced entity fields
About separators in name fields
Working with custom entity
About platforms
About entities
About fields of an entity
About setting tasks to roles for entity schema
About relationships between the predefined entities
Creating a new entity schema
Editing an existing entity schema
Working with custom target type
Creating a new target type
Editing a target type
Working with custom schema scenarios
Creating a custom asset type - Windows Service
Extending the predefined asset type - Windows Machine
Extending Windows Machine to manage inventory and vendor data information
Create a custom entity- Inventory
Extending Windows Machine to include the fields from Inventory
Creating a custom asset type- Printer based on the custom platform- Devices
Creating a custom platform- Devices and the custom entity-Printer
Creating a custom asset type- Printer
Creating a target type for the asset type - Printer
About entitlements
Reasons for managing entitlements
Problems in managing entitlements
About the entitlements system workflow
About the control point status
About the Control Points view
About the My Control Points view
About the Import Settings view
About the Browse Notifications view
About the Review Cycle Settings View
Concepts in entitlements
Control points
Data owners
Alternative approver
Review cycle setting
Approval period
Tagging
Working with control points
Control point type and entitlement type
Unmarking a control point
Configuring control points
Creating a review cycle setting
Deleting a review cycle setting
Comparing entitlements
Viewing control point details
Working with entitlements import
About entitlements import
Configuring the import settings
Configuring the automatic entitlements import
Importing the entitlements manually
Working with approval
Requesting approval of entitlements
Requesting changes in entitlements
Approving the entitlements
Configuring the alternative approver
About the daily approval job
Working with notifications
About the notification events
Configuring entitlements notifications
About notification tokens
About the entitlements filters
Control Point Status filter
Tag filter
Viewing the control points information in the details pane
Control point details pane- General tab
Control point details pane- Entitlements tab
Control point details pane- Review Cycle tab
Control points details pane- Entitlement Import Details tab
Control points details pane- Review Cycle Dates tab
Control point details pane- Tags tab
Control point details pane- Exceptions tab
Control point details pane- Workflow Trails tab
Concepts in exception
About exceptions
About the exception management system
About exception validity
About exception templates
About exception states
About the exception filters
About the Exceptions view
Working with exceptions
Viewing exception information in the details pane
Requesting an exception
Launching the Request Exception Wizard
Approving an exception
Setting the exception state to In Review
Setting the exception state to Request Clarification
Setting the exception state to Deny
Setting the exception state to Expire
Modifying an exception
Concepts in standards management
About standards
About predefined standards
About sections
About checks
About data collection jobs
About advanced options for data collection
About evaluation jobs
About target types
About compliance score
About risk score
About versioning scheme
About the standards filters
About policy mapping in ESM
About changing an ESM policy name
List of standards
Concepts in checks
Field expression
Check expression
Check formula
Preconditions
Data Items filter
Missing data items
Multiple data items
Check risk attributes
Check Advanced Settings
About operators
About the Standards view
About the standard migration utility for ESM and CCS
Working with standards
Viewing standard information in the details pane
About multi-select functionality
Creating a new standard
Copying and pasting a standard
Moving a standard
Importing a standard
Exporting a standard
Renaming a standard
Deleting a standard
Running an evaluation job from the Standards view
Setting up a data collection job from the Standards view
Running a collection-evaluation-reporting job from the Standards view
Sizing guidelines for Collection-Evaluation-Reporting job
Changing an ESM policy name at the standard level
Working with sections
Viewing section information in the details pane
Creating a new section
Copying and pasting a section
Moving a section
Renaming a section
Deleting a section
Changing an ESM policy name at the section level
Working with checks
Viewing check information in the details pane
Copying and pasting a check
Moving a check
Renaming a check
Deleting a check
Creating a new check
Editing a check
Changing an ESM policy name at the check level
Creating an ESM check
Working in the details pane
Specifying or editing the description
Specifying or editing the check issue
Specifying or editing the remediation information
Adding the CVE information
Editing the CVE information
Specifying or editing the check attributes
Adding reference information
Editing reference information
Deleting reference information
Working with Evaluation Results
About exporting the evaluation results
Exporting the evaluation results
Requesting an exception using the Evaluation Result Details dialog box
Viewing the evidence details
About risk score calculation
Base score calculation
Adjusted base score calculation
Risk score calculation
Average risk score calculation
About compliance score calculation
About remediation
About automatic remediation
About manual remediation
About closed-loop verification
Remediating the assets manually from the evaluation results
Remediating the assets automatically
About baseline
About the baselines workflow
About the Baselines view
About setting tasks to roles of baselines
Creating a baseline job
Viewing the comparison results in the Baselines view
Exporting the comparison results
Deleting the baseline record
About tags
About the Tags view
Creating a new tag
Creating a new tag category
Editing a tag category
Deleting a tag category
Moving a tag
Deleting a tag
Renaming a tag
About policies
About the policy life cycle
About policy versioning
About policy status
About editing policies
What is a control statement?
About mapping policies
About policy reviewers
About policy approvers
About the policy audience
About selecting the policy audience
About audience interaction with policies
About the Policies view
Working with policies
Creating a new policy
Importing a Word policy
Editing a policy
Deleting a policy
Moving, copying, and pasting a policy
Submitting a policy for review
Submitting a policy for approval
Reviewing and approving policies
About policy review
Reviewing a policy
Viewing the reviewer comments
About policy approval
Approving a policy
Publishing and unpublishing policies
Publishing a policy
Unpublishing a policy
How audiences interact with policies
Managing clarifications
About clarifications
About the Clarifications view
Managing clarification requests
About jobs
About the job types
About the job filters
About the Jobs view
Managing jobs
Editing a job
Scheduling jobs
Deleting jobs
Running a job now
Searching for a job
Refreshing the jobs view
Creating jobs
Managing job runs
Canceling a job run
Deleting a job run
Viewing jobs information in the details pane
Jobs details pane- General tab
Jobs details pane- Schedule tab
Jobs details pane - Wizard Summary
Job run details pane- Summary tab
Job run details pane- Failures tab
Jobs details pane- Template tab
About the Evaluation Results view
About the evaluation result filters
Viewing evaluation jobs in the details pane
Evaluation Results details pane - General tab
Evaluation Results details pane - Evaluation Summary tab
Evaluation Results details pane - Assets Evaluated tab
About the reports and dashboards
About the Reports Templates view
About the My Reports view
About the My Dashboards view
About types of dashboards
About predefined report templates
About data synchronization
About creating user-defined templates
About the prerequisites for user-defined report templates
About the Report Management jobs
About the View My Reports filter option
Predefined report descriptions
Working with reports
Scheduling a report
Viewing a report
Refreshing a report
Removing a report
Printing a report
Exporting a report
Copying a report template
Customizing a report template
Customizing a report in report viewer
Adding a user-defined report template
Deleting a user-defined report template
Exporting a report template
Updating a report template
Moving a report template
Editing a report generation job
Working with tiered dashboards
Managing tiered dashboards
About roles and permissions in tiered dashboard
About threshold settings in tiered dashboard
Configuring tiered dashboards
About trends configuration
Viewing the tiered dashboard reports
About the Content view
About custom content
About Symantec Content Studio
About mandates
About regulations
About frameworks
About control statements
Creating custom content
Creating a custom mandate or section
Modifying the details of a custom mandate or section
Creating custom control statements
Mapping mandates to control statements
Mapping policies to control statements
Mapping checks to control statements
Mapping questions to control statements
Mapping extended controls to control statements
Performing policy analysis
About the Analysis view
Viewing the control statements mapped to a regulation, framework, or policy
Performing a gap analysis
About the extended evidence sources system
About the Extended Evidence Sources view
About an evidence source
About extended controls and control types
About evidence
About methods to import the extended controls
About methods to import the evidence
About compliance score contribution from an evidence source
About risk score contribution from an evidence source
About compliance score calculation from evidence
About risk score calculation from evidence
End-to-end sequence of evidence import
Working with evidence sources
Adding an evidence source
Editing an evidence source
Deleting an evidence source
Working with extended controls
Adding an extended control
About CSV file format for extended controls
Importing extended controls from a CSV file
Editing an extended control
Deleting an extended control
Working with evidence
Setting tasks to roles for evidence collection
About CSV file format for evidence
About evidence field format for predefined asset types
About ODBC mappings for evidence
Importing evidence from CSV files or ODBC compliant databases
Importing evidence from Response Assessment Module
Mapping custom questionnaires to evidence
Viewing the imported evidence
About the integration interfaces
Control Compliance Suite APIs
About the Standard Migration Utility
About the Standard Migration Utility system requirements
About the Standard Migration Utility packaging and deployment
Standard Migration Utility
How to use the Standard Migration Utility
About the log file configuration settings
About migration summary report
Limitations in the Standard Migration Utility
Troubleshooting evaluation mismatches
About the Symantec ESM Policy to CCS Standard Migration Utility
About packaging and deployment
System requirements for the ESM Policy to CCS Standard Migration Utility
About installing the migration utility
Uninstalling the migration utility
About the input file in the ESM Policy to CCS Standard Migration Utility
Executing the migration utility
About the log file in the ESM Policy to CCS Standard Migration Utility
About ESM suppressions migration
About the message IDs in ESM Policy to CCS Standard Migration Utility
Limitations of the migration utility
Troubleshooting for ESM Policy to CCS Standard Migration Utility
About the CCS Data Migration utility
Prerequisites for running the CCS Data Migration Utility
Configuring the SQL Server Service Broker
Running the CCS Data Migration Utility
Skipping CCS Reports and Dashboards data migration
About the Unified Data Model
About the asset-based views
About the standards-based views
About the asset-to-standard views
About the entitlement-based views
About the policy-based views
About the user views
About the exception views
About the tag views
About the third-party views
Mapping 9.0.1 tables to 10.0 views
About troubleshooting
Deployment troubleshooting
Troubleshooting a failed Directory Server Installation
Troubleshooting when the Certificate does not match a specified computer during deployment
Troubleshooting when the Application Server installation wizard rejects the Directory Server credentials
Troubleshooting when the Application Server, Directory Server, or Data Processing Service fail to start
Troubleshooting when installation logs are deleted when the user logs off after using Remote Desktop Connection to install
Troubleshooting when an error message that indicates that the state of the secure channel cannot be verified appears during installation
Troubleshooting when an error message indicates the SSPI context cannot be generated during installation
Troubleshooting when you encounter problems installing the Control Compliance Suite Console
Troubleshooting when a warning appears about the minimum required screen resolution
Configuration troubleshooting
Troubleshooting when the user is unable to start the Certificate Management Console
Troubleshooting when synchronization jobs fail to complete after migration
Asset import troubleshooting
Troubleshooting when asset imports fail to complete
Troubleshooting when asset import jobs from a single site run slowly
Troubleshooting when asset import jobs fail and report an exception
Troubleshooting when deleted ODBC data locations appear in the Data Processing Service settings
Data collection troubleshooting
Troubleshooting when data collection jobs fail to run
Troubleshooting when data collection jobs from a single site run slowly
Troubleshooting when an exception appears during data collection for Oracle assets
Troubleshooting when data collection jobs fail with the error Login failed for user
Troubleshooting when data collection jobs fail with an exception
Troubleshooting when Computer UnreachableŽ errors appear for Windows computers that do not have Internet Information Services installed
Console and Web Console troubleshooting
Troubleshooting when the user cannot start the Control Compliance Suite Console
Troubleshooting when the Web Console is unable to connect to the Response Assessment module
Troubleshooting when the Web Console does not correctly display Response Assessment module pages
Troubleshooting when configuration changes do not appear
Troubleshooting when the correct time does not appear on reports
Troubleshooting when reports cause a system slowdown or reports fail
Troubleshooting when the error HTTP Error 401.1 - Unauthorized: Access is denied appears when you open the Web Console
Troubleshooting when blank reports appear
Troubleshooting when an error appears while viewing a dashboard on the Web Console
Troubleshooting when you cannot create a custom asset type
Troubleshooting when the message The server is not operationalŽ appears in the console
Troubleshooting when the message Login failed for user <user name>Ž appears in the Web console
Troubleshooting when -1 value is displayed in a chart for an asset risk score
Troubleshooting when an error message appears while navigating to the Policies page in the Web console
Troubleshooting when the dashboard panel data is incorrect
Troubleshooting when expected data is not displayed in the policy panels
Troubleshooting when launching the Control Compliance Suite Console is slow
Troubleshooting when an error message appears on the Control Compliance Suite console or in the logs of DPS
Troubleshooting when there is a delay in permission changes in the Web Console
Troubleshooting when the Web console does not start after upgrading to version 10.0
Policy Module troubleshooting
Troubleshooting when you cannot assign a reviewer or approver for a policy
Symantec ESM troubleshooting
Troubleshooting when you cannot classify ESM 6.0 agents as different UNIX computers
Reports troubleshooting
Troubleshooting a failed report generation job for an Entitlements Management report
Troubleshooting performance slowdown in execution of report generation jobs
Troubleshooting an error "XML document could not be created because server memory is very low" appears in a reporting database synchronization job
Evidence import troubleshooting
Troubleshooting when Evidence collection job fails to run
Troubleshooting when score contribution from an evidence source is not displayed in the Asset Details pane

Attachments

CCS_User_Guide.pdf (8.9 MBytes)

Article URL http://www.symantec.com/docs/DOC2783


Terms of use for this information are found in Legal Notices