Determine the sorting method for report details and the sections that you want to include in the report.
You can group the detailed results in the policy compliance report by Hosts or by Controls. Make your selection from the Group By menu. (Note that the specific hosts and controls included in the report are based on the policy that you select at run time when generating the report.)
Hosts. Each host in the report is listed with the controls that were evaluated on the host.
Controls. Each control in the report is listed with the hosts that the control was evaluated on.
When a control is evaluated for a host, a status of Passed or Failed is returned. The status is determined when the expected value for a control is compared to the actual value for the control. The expected value is defined in the compliance policy. The actual value is returned during the last policy compliance scan on the host.
Identify which status levels you want to include in the report. Your options are:
Passed. A status of Passed indicates that the expected value and the actual value match.
Failed. A status of Failed indicates that the expected value and the actual value do not match.
Passed/Failed. Include both Passed and Failed in the report.
Identify how much information you want to display in the policy report. Each section selected in the template is included in the report. Clear a section to remove it from the report. For example, clear (uncheck) the Appendix option to remove the Appendix section from the report. Note that the Layout area highlights where each section appears. As you clear options in the Sections area, those sections are removed from the Layout preview so that you can see how the report will look.
Each section is described below. Note that some sections only apply when you group by hosts and other sections only apply when you group by controls.
The following sections are always available, regardless of how you group the detailed results:
Control Statistics. This section shows all controls in the policy with the percentage of hosts that passed for each control.
Host Statistics. This section shows all hosts in the policy with the percentage of controls that passed on each host.
Rationale. This is a statement of how the control should be implemented for the technology.
Evidence. The expected value and the actual value for the control on the host. The expected value is the value defined in the compliance policy. The actual value is the value returned during the last compliance scan on the host. These values are compared during the evaluation process for the control on the host, resulting in a Passed or Failed status.
Extended Evidence. Extended evidence includes additional findings/information collected during the evaluation of the control on the host. For example, this may include results returned from queries made by the scanning engine when checking the control value. Extended evidence appears below the expected and actual values in the report.
Exception. When a host is exempt from a control, exception details may also be included in the report. Exception details include the exception assignee, status, creation date and end date.
History. A history of user actions and comments for the exception on the host.
The following sections only apply when you group detailed results by hosts:
Host Summary. The host summary shows the total number of controls in the policy that are applicable to the host, the number of controls that passed and failed for the host, and the number of exceptions for the host. Also displayed is the date and time the host was last scanned for compliance.
Glossary. When you group by hosts, control details appear in a glossary section instead of being repeated for each host in the report. The glossary section provides the control ID and title, the category that the control is assigned to, a list of external mappings (frameworks, regulations and standards) that the control pertains to, and user-provided control comments.
The following sections only apply when you group detailed results by controls:
Control Summary. The control summary shows the total number of hosts in the policy applicable to the control, the number of hosts that passed and failed the control across all technologies, and the number of exceptions for the control. (Note that the control's category and sub-category are always displayed when you group by controls.)
External Mappings. A list of external frameworks, standards and regulations (such as COBIT, ISO, SOX and Basel II) that the control maps to. The list of frameworks displayed may include all available frameworks or a custom list of frameworks. Managers can customize the list of frameworks for the subscription (on the Setup > Frameworks page) and any user can customize the list of frameworks in the policy report template (on the Frameworks tab).
Comments. User-provided comments entered in the control details.
Technology Summary. The technology summary shows the same information as the control summary, but the information is specific to a particular technology, since the same control may apply to multiple technologies.