none
Automated Compliance Tests Problem RRS feed

  • Question

  • Hello all,

    i have installed the System Center Service Manager 2010 (Version 7.0.5826.0), the System Center Configuration Manager 2007 R2 and the Service Manager GRC Management Pack with all the related librarys (Win7, Win Server 2008, Win Server 2008 R2....). On SCCM the exported DCM Baseline from Security Compliance Manager is implemented. All looks fine.

    I would like to automate the replication between the SCCM DCM Baselines and the automated control activities in SCCM.

    My problem:

    After installation the GRC libraries in SCSM i have no Automated Control Activities in the SCSM Control Management.

    My Questions:

    - How do I get the Automated Control Activities in the SCSM Control Management and start the automated replication?
    - Manuelly? How detects the Control Activity which Baseline CI it belongs?
    Thank you very much for your help!
    Henning
    Thursday, December 9, 2010 3:16 PM

Answers

  • Henning,

    Good question.  Since you successfully installed the IT Compliance Libraries for Windows 7, Windows Server 2008, and Windows Server 2008 R2, you have created teh automated control activities.  You can verify this by selecting "Library" on the SCSM Wunderbar.  You will then be presented with a list of Libraries.  Select the "Automated Control Activity Template" to get a list of control activities that you can use.  You should see a set for each OS.

    Now to take advantage of teh automated control activiteis in SM IT GRC and SCM installed in SCCM, you will need to create a compliance program with controls and the automated control activities.  Once you have completed these steps, you can begin operational use of the tool and see the automaated test results flow form SCCM into SM and be reported.

    I have summarized the steps below to set up a program and start operational execution.  You should refer to the IT GRC PMP Operations guide for additional program set-up information and troubleshooting and the IT CML deployment guide for SCCM DCM set-up and configuration.  Here are the basic steps:

    1. Select "Compliance and Risk Items" from Wunderbar
    2. Select "Program Management"  from workarea
    3. Select "Create Program" from Task Bar and populate title, description
    4. Add Program scope of machines that correspond with the SCCM collection of machines that the baseline DCM is applied.
    5. Select "Apply" and Publish Program
    6. Then select "Create Controls from Library" from Task Bar to populate the program with authority docs, controls and activities templates.
    7. Select your program and all libraries.
    8. Select an Authority Document, such as PCI 1.2 which uses the automated activities,
    9. Select corresponding Control Objectives,
    10. Select associated Control Activities. 
    11. Select create and the library templates you selected will be copied into your Program as instances that you can modify.
    12. Publish the control objectives and control activities.
    13. Run the DCM on SCCM for the program collection
    14. Turn on the SCCM IT GRC connector and sync it
    15. SCCM test results will flow into the SM DW.
    16. Run the Program, Control and control activity reports for the program and you should see the test results

    Let me know how it you have anymore questions.  Have fun!

    Jerry Leishman (IT GRC Program Manager)

     

     

     

    Thursday, December 9, 2010 10:35 PM

All replies

  • Henning,

    Good question.  Since you successfully installed the IT Compliance Libraries for Windows 7, Windows Server 2008, and Windows Server 2008 R2, you have created teh automated control activities.  You can verify this by selecting "Library" on the SCSM Wunderbar.  You will then be presented with a list of Libraries.  Select the "Automated Control Activity Template" to get a list of control activities that you can use.  You should see a set for each OS.

    Now to take advantage of teh automated control activiteis in SM IT GRC and SCM installed in SCCM, you will need to create a compliance program with controls and the automated control activities.  Once you have completed these steps, you can begin operational use of the tool and see the automaated test results flow form SCCM into SM and be reported.

    I have summarized the steps below to set up a program and start operational execution.  You should refer to the IT GRC PMP Operations guide for additional program set-up information and troubleshooting and the IT CML deployment guide for SCCM DCM set-up and configuration.  Here are the basic steps:

    1. Select "Compliance and Risk Items" from Wunderbar
    2. Select "Program Management"  from workarea
    3. Select "Create Program" from Task Bar and populate title, description
    4. Add Program scope of machines that correspond with the SCCM collection of machines that the baseline DCM is applied.
    5. Select "Apply" and Publish Program
    6. Then select "Create Controls from Library" from Task Bar to populate the program with authority docs, controls and activities templates.
    7. Select your program and all libraries.
    8. Select an Authority Document, such as PCI 1.2 which uses the automated activities,
    9. Select corresponding Control Objectives,
    10. Select associated Control Activities. 
    11. Select create and the library templates you selected will be copied into your Program as instances that you can modify.
    12. Publish the control objectives and control activities.
    13. Run the DCM on SCCM for the program collection
    14. Turn on the SCCM IT GRC connector and sync it
    15. SCCM test results will flow into the SM DW.
    16. Run the Program, Control and control activity reports for the program and you should see the test results

    Let me know how it you have anymore questions.  Have fun!

    Jerry Leishman (IT GRC Program Manager)

     

     

     

    Thursday, December 9, 2010 10:35 PM
  • Hi Jerry,

    thank you for the detailed answer.

    Until now it looks good. I get back if I have more questions.

    Henning

    Friday, December 10, 2010 4:36 PM
  • Hey,

    Thanks for such nice information.

    Do we have any web link , information source that we can put as a refernce while creating the guidelines using these steps?


    Vishal Soni

    Friday, June 22, 2012 11:16 AM