Managing Custom Controls

Managers and Auditors can add custom controls to the controls list, making them available for compliance scanning and reporting. The service supports custom controls for both Windows and Unix platforms.

When defining custom controls, you must 1) provide general information for the control, such as a control statement and category, 2) specify the scan parameters that define the data point check to be performed by the scanning engine, and 3) identify the technologies that the control applies to and set the default expected value for each technology.

The service collects compliance data on hosts during compliance scans (using the scan parameters defined for each control) and then evaluates the data using policies and reporting. All controls are included in all compliance scans automatically, including controls that have not yet been added to a policy. This means that if you add several custom controls to the subscription, the time it takes to complete a compliance scan may be affected.

 

To create a custom control:

1.    Select Controls from the left menu, under Tools.

2.    Go to New > Control.

3.    Select the tab for either Windows Control Types or Unix Control Types.

4.    Identify the type of control you want to create and click the Get Started button to start the creation process.

5.    Provide details for your new control in the following sections: General Information, Scan Parameters, Control Technologies and References. For specific details for each control type, see the following:

For Windows controls:

      Registry Key Existence

      Registry Value Existence

      Registry Value Content Check

      Registry Permission

      File/Directory Existence

      File/Directory Permission

      File Integrity Check

For Unix controls:

      File Content Check

      File/Directory Existence

      File/Directory Permission

      File Integrity Check

6.    Click Create to save the new control.

Once saved, the custom control appears in the controls list with the service-provided controls. The service automatically assigns the new custom control a unique CID (Control ID) starting at 100000. Subsequent CIDs are incremented by one, as in 100001, 100002, 100003, etc.

 

To edit a custom control:

1.    Select Controls from the left menu, under Tools.

2.    Identify the custom control you want to change and click the Edit icon.

3.    Make changes to the General Information, Control Technologies and References sections. In the Scan Parameters section, you can change the data point description but not the scan parameters that make up the data point (registry hive, key, value, etc.). If you change the data point description, then all controls that use the same data point are updated automatically to use the new description.

4.    Click Save.