The expected values for some controls must be specified as a regular expression or a list of string values and regular expressions. Select a cardinality (i.e. match any, match all, contains) and then enter the expected value in the field provided. See Regular Expression Symbols for standard symbols and their meanings.
The compliance module implements Perl Compatible Regular Expressions (PCRE) following the PCRE standard. For information on this standard, go to http://www.pcre.org/. For information on building proper regular expressions for controls using this standard, go to http://perldoc.perl.org/perlre.html. Note that users should escape special characters in PCRE regular expressions for string matching to occur correctly:
( ) [ ] | ^ $ -
For example, to match the string "(cs" you must enter "\(cs" (add backslash before the special character).
A single string may be returned in the scan results (X) compared to a single string entered in the policy (Y).
In the policy, enter the expected value as a regular expression in the field provided. The string value returned in the scan results will be compared to the regular expression defined for the control to determine the pass/fail status.
For this type of control, no cardinality options appear. You are compliant when X is equal to Y.
A list of strings may be returned in the scan results (X) compared to a single string entered in the policy (Y).
In the policy, select a cardinality and enter the expected value as a regular expression in the field provided. The list of string values returned in the scan results will be compared to the regular expression defined for the control to determine the pass/fail status.
The following cardinality options appear.
|
cardinality |
you are compliant when |
|
match any |
any string in X matches Y |
|
match all |
all strings in X match Y |
|
match none |
no strings in X match Y |
|
empty |
X is empty |
|
not empty |
X is not empty |
A list of strings may be returned in the scan results (X) compared to a list of strings entered in the policy (Y). When specifying Windows permissions, see the following topics for guidance on entering the expected value: Registry Permissions and File/Directory Permissions.
In the policy, select a cardinality and enter the expected value in the field provided. When entering multiple values, enter each value on a separate line.
When setting the value for a user-defined custom control set to the "String List" data type, you also have two operator options that appear: regular expression list and string list. These operator options are described below.
The following cardinality options appear.
|
cardinality |
you are compliant when |
|
contains |
X contains all of Y |
|
does not contain |
X does not contain any of Y |
|
intersect |
any string in X matches any string in Y |
|
matches |
all strings in X match all strings in Y (listed in any order) |
|
is contained in |
all strings in X are contained in Y |
The following operator options appear.
|
operator |
description |
|
regular expression list |
Select this option if you are specifying the default value as a list of regular expressions that you want to compare the results to. |
|
string list |
Select this option if you are specifying the default value as a list of string values that you want to compare the results to. |