The Controls sub-tab helps you identify of all the control instances that are used in scanning your IT assets, how many show the PASS or the FAIL result. You also get to see the categorization of control instances showing FAIL posture into their levels of criticality. This helps you prioritize the remediation measures where you want to treat your high-risk assets first followed by lesser critical assets.
You can use several ways to filter out your posture records. For example, you can view the records in the context of control instances or of assets. You can also group records by controls, control categories, criticality levels, technology categories and subcategories.
When you view posture details for a control, the details include an Evidence section with the Expected and Actual values for each control. The Expected value is the value defined in the compliance policy. The Actual value is the value returned during the last compliance scan on the host. These values are compared during the evaluation process for the control on the host, resulting in a Passed or Failed status.
Select a control you are interested in and select View Posture Details from the Quick Action menu.
In the Posture Summary section, you'll see comprehensive posture summary with many up-to-date details about the policy and the associated controls.
In the General Information section, expand the Evidence drop-down to see the expected and actual values for each control.
When there are multiple sets of criteria for a control, then you'll see them grouped with operators AND, OR. Expand any control description to see the Expected and Actual values.
