Controls
Common UDC Fields
Enter a control statement
This is basically the control name - it's how you'll identify the control in policies, reports and on the controls list.
Select a category
Select the category (and sub-category) this control belongs to. Keep in mind that you (and other users) will be able to search for this control by its category.
Set control criticality
You'll see the criticality in policies and reports whenever control details appear. You can change the criticality level at any time, and overwrite it at the policy level.
Rationale
Enter a rationale statement describing how the control should be implemented for each technology.
Default Values
Entering default values is a time saver. We'll copy your default values to each technology that you select in the Technologies list below so you don't have to.
Ignore errors
When errors occur during control evaluation the status for the control instance is Error. Select this option to mark them as Passed instead.
Ignore "item not found" error
A UDC control returns error code 2 "item not found" in cases where the latest scan did not find data required for control evaluation (e.g. file, registry key, or setting within a file or registry key). Enable this option to return the status Passed or Failed instead of Error when error code 2 "item not found" is returned. You'll choose the status you'd like to return in the policy's control settings.
Tip - If you select this option, the Ignore errors setting is not applied to controls that return the "item not found" error. Those controls will be evaluated according to your policy and status will be set to Passed or Failed.
Select technologies
This is where you set the expected control value for each technology. If you entered default values above then we've copied those values here to save you time. Feel free to overwrite the values, as needed.
Add control references
Add references to internal policies, documents and web sites. For each reference, enter a description, a URL (starting with http://, https:// or ftp://) or both.
File/Directory Integrity Checks (Windows and Unix)
Use scan data as expected value
Select this option and we'll set the expected value for you based on the actual value returned by the scan. To update the value automatically you must also enable the "Auto Update expected value" in your compliance profile.
Select the digest hash type
This is the algorithm that will be used to compute the file/directory digest.
File System Object Types
Only file object type is supported for this control.
Unix Directory Search UDC
Tell us where to search
Point us at the directory you want to search. Be as specific as you can to reduce the search time (there is a search time limit). Then make additional settings that tell us how many levels we should search within the directory, and what to do when we come across other file systems and symbolic links.
File/Directory Name
Use these fields to find files and directories based on the name. You'll notice that * is used by default for the File Name Include and Directory Name Include, meaning that all files will be a match.
File System Object Types
Select each file system object type you want to include in the search. You can include all types or limit the search to only select types.
File Owner
Identify the users and groups that you want to match. You can identify users and groups either by name or ID.
Set search limits
Each time we look for this control we'll consider the search time limit and the match limit. If we hit either limit we'll stop the search.
Control Data Type and Description
The actual value returned for this control is a String List, meaning we'll return a list of matches in the scan results.
Windows Directory Search UDC
Tell us where to search
Point us at the directory you want to search. Be as specific as you can to reduce the search time (there is a search time limit). Then tell us how many levels we should search within the directory.
File System Object Types
Tell us whether you want to search directories, files or both.
Create a list of principals
Want to search for files/directories based on what users can access? Create a list of principals (groups and users) to include in the search and then go to the Permissions section to tell us the permissions you want to match.
Enter comments
This is a place where you can enter notes about the control.