Introducing Policy Compliance

The Policy Compliance tab (Network Analysis > Policy Compliance) summarizes policy compliance for device groups and devices. Policy Compliance provides a series of rule-based configuration standards to ensure devices conform to broad security requirements when they operate in the network. Note that the Compliance pie chart on the Dashboard page shows the percentage of devices that matched Policy Rules for the current day's time period.

A basic example: a device with the default admin/admin login (username and password) should never be placed in the production enterprise network, so you use a Policy Rule mandating this. Policy Compliance also goes much deeper. NetMRI provides Policies based on IAVA and DISA guidelines (and others) to normalize and harden devices against intrusion and unauthorized usage. The guidelines and precepts governing Policies are too extensive to cover in this Admin Guide. The best way to get acquainted with the details of Policy Compliance is to read the descriptions of Rules within individual Policies. Go to Network Analysis > Policy Compliance > Policies, select a Policy, and open the tree of Rules in the right panel.

NetMRI's standard model is to deploy policies across an entire Device Group. You can use the standard Policies built into NetMRI. Infoblox recommends using the built-in Policies as the basis for developing new ones customized for your network's requirements.

When a Policy Rule is violated, NetMRI detects the violation and displays an Issue message on the Network Analysis > Issues page. In most circumstances, a Policy violation raises an Error message (the highest Issue severity).

To view a summary for a policy as applied to a device group, hover over the status icon.

To view policy compliance by device group, click All Devices in the Select Device Groups panel to the right of the table. The table will show a summary of policy compliance for each device group.

  • To view policy compliance details for a group, click a status icon for the group. The resulting table lists devices in the group and shows the status for each rule run against them.

  • To view policy compliance details for one rule against one device, click the status icon. A pop-up window will display information about the rule as it applies to that device.

  • To return to the policy compliance by device table for the selected group, click the Return to Policy View hyperlink in the upper right corner.

To view policy compliance for individual devices, click a device group in the Select Device Groups panel or, when the table lists the entire network, click a name in the Device Group column. The table will show per-device policy compliance for devices in the selected group.

  • To view policy compliance details for a device, click a status icon. A pop-up window will display extensive information about the policy as it applies to that device.

  • To view policy compliance for individual policies, open the Policies list (above the right side of the table), and then click the policy you want to see.

  • To view compliance for all policies, open the Policies list (above the right side of the table), and then click All. You can also click the Return to Policy View hyperlink.
