Specialized policy compliance reports identify whether compliance scanned hosts are meeting requirements outlined in user-defined policies. There are 4 policy compliance reports provided by the service for reporting on compliance scan data. These reports are only available if the compliance module is enabled in your subscription and you have compliance management privileges. Policy compliance reports are described below.
Generate policy compliance reports from the Report section. Select Report on the left menu and go to New > Compliance Report. Then select either Template Based or Interactive. See Running Policy Compliance Reports for more information.
There are 2 template based compliance reports provided by the service for policy compliance: Authentication Report and Policy Report. These template based reports are different from other compliance reports in that they're based on data gathered from compliance scans. Other compliance reports, including the PCI reports and Top 20 reports, are based on data gathered from vulnerability scans. Generated template based reports are automatically saved to Report Share.
The Authentication Report identifies whether authentication to hosts was successful for the most recent compliance scans. This is an important tool as successful authentication is a requirement for compliance scanning. If authentication to a host is not successful, then no controls can be evaluated for the host and no compliance data can be collected for the host. If authentication to a host is successful, then the host can be evaluated for compliance.
A status of Passed in your Authentication Report indicates that authentication to the host was successful. A status of Failed in your Authentication Report indicates that authentication to the host was not successful. A status of Passed* indicates that authentication to the host was successful but there were insufficient privileges to perform posture evaluation.
This report uses a hidden report template provided by the service. This template cannot be viewed from the report templates list.
The Policy Report identifies compliance status for a specific policy. The report lists hosts relevant to the policy with the controls tested on each host and the passed/failed status for each control. For each control, you can view the expected value as defined in the policy and the actual value returned when the host was last scanned. The Policy Report also includes graphs that show compliance trend information, including the number of active hosts for a policy over time, the number of controls in a policy over time, and the number of control instances that passed/failed over time.
This report requires a user-created policy report template. See Creating Policy Report Templates for more information.
There are 2 interactive compliance reports provided by the service for policy compliance: Control Pass/Fail Report and Individual Host Compliance Report. These interactive reports are not template based. Instead, you provide the report target and display and sorting options from within the report itself, and you can modify the report options at any time to update the report results. Interactive reports are not saved to Report Share.
Interactive reports provide an important workflow for requesting and modifying exceptions. An exception may be requested for any control with a Failed compliance status. You can request a single exception or batch request multiple exceptions from your interactive reports. Users with the ability to modify exceptions can also accept/reject exceptions, reassign exceptions and add comments to exception details from interactive reports.
The Control Pass/Fail Report identifies the pass/fail status for a specific control. When running this report, identify the policy and control you want to report on. Hosts included in the report are listed with a pass or fail status for the specified control.
The Individual Host Compliance Report identifies the compliance status for a specific host. When running this report, identify the policy and host you want to report on. Each control from the policy that is applicable to the host is listed with a pass or fail status.