After creating a compliance policy, you can run a compliance assessment.

When running a compliance assessment, your system is scanned for compliance against the built-in Compliance Content library and (if applicable) the Compliance Custom Content library. These libraries contain checks and benchmarks and are updated regularly as security standards change. For more information on the custom content library, see Creating and testing custom content components.

After running your assessment, you can view your results and remediate any nodes that are out of compliance.

After running an assessment, the assessment results are identified and shown on the policy home page as:

  • Compliant - setting is in its intended state compared to the standard or benchmark.
  • Not compliant - setting is not in its intended state compared to the standard or benchmark. Further investigation and possible remediation are recommended.
  • Not applicable - The setting is not applicable to this system. For example, if running a CentOS check on AIX.
  • Unknown - Assessment or remediation has not been run.
  • Error - SaltStack SecOps Compliance encountered an error while running the assessment or remediation.
Note: Policies that include many checks might result in longer assessment processing time, which can delay other processes in SaltStack Config. It is recommended to plan for processing time before initiating an assessment.

Prerequisites

Before you can run an assessment you must create a compliance policy. For more information, see Create a compliance policy.

Procedure

  1. On the SaltStack SecOps Compliance home page, select a policy.
  2. On the policy home page, click Run assessment and then Run assessment again on the confirmation window.
    The Activity window opens. Completed assessments are listed in the Activity window along with their status, Job ID (JID), and other information.
  3. After the assessment is finished, to view your assessment results, select the policy from the SaltStack SecOps Compliance home page.
    The policy home page shows results from the most recent assessment, organized by check. You can filter the list, or select column headings to sort your results. To view assessment results by minion, select Minion.

Results

The assessment is complete and you can review your results. To download the assessment report, select the policy and click Report tab > Download > JSON.

What to do next

After reviewing your assessment results, you can Remediate your assessment results.