Policies are used to verify network device configurations and to enforce the consistency of configurations across the network. NetMRI can perform analysis when it detects device configuration changes, or on an ad hoc basis for past, present, or future configuration files. Policies drive a key feature of NetMRI— called Policy Compliance.
A configuration Policy consists of one or more rules. Rules use different forms of XML-based regular expression pattern matching against configuration files — and tests of other data NetMRI has collected — to verify that the configuration of the device meets the rules. Each rule has a severity level and can define a device filter to limit the types of devices to which it applies. You may freely re-use rules in different policies.
NetMRI provides a library containing numerous pre-packaged policies. As an example, DISA policies provide a top-level overview of the network's adherence to security and network infrastructure mandates from the Department of Defense. Because networks managed by NetMRI are normally enterprise or data center, Defense Information Systems Agency (DISA)-based Policy Compliance is advisory in nature; DISA guidelines provide a baseline framework for establishing a secure network. NetMRI bases many policies upon published DISA implementation guides. Other policy sets include the use of PCI 3.0 rules to help NetMRI users in commercial businesses to support a baseline of technical and operational security requirements for payment card transactions.
The main vehicle for creating and maintaining Policies is called the Policy Design Center.
The Policy Design Center uses an XML Schema (XSD) to validate all rules before any rules are deployed and used for policy enforcement. This feature reduces the chances of errors that lead to an "invalid" result for a rule evaluation. You can immediately download the schema XSD file by creating a new rule, choosing the Raw XML editor, and clicking Download XML Schema. You can also select any admin-defined XML rule from the left pane of the Config Management > Policy Design Center > Rules page, clicking the Edit button and then clicking Download XML Schema.
For more information, see the following topics: