Creating a compliance policy

A Compliance Policy stipulates conditions that the devices must adhere to. A Compliance Policy contains Compliance Rules and can be configured to send an e-mail action in the event that a policy fails. Use this procedure to create a compliance policy.

Before you begin

To define new Compliance Policies or edit existing Policies, access to the User Interface wizard is required. In defining Compliance Policies, a user must specify to which devices the Policy applies. It is simple for a user to copy an existing Policy, and modify some of its components in order to create a new Policy.

About this task

You can an informational action (e-mail) during the creation of the policy or later.

Follow these steps to create a Compliance Policy.

Procedure

  1. Select Create > Policy.

    The Create a Policy window displays. Mandatory fields are denoted by an * (asterisk). Rules to be included are also required at this stage.

  2. Use the following descriptions as a guide to entering the appropriate information in the Create a Policy window.
    Name:
    Specifies the name used to identify the policy. This field takes a maximum of 255 characters. This is a mandatory field.
    Description:
    Specifies a brief narrative attached to the policy whose purpose is to explain its function or use. This field takes a maximum of 4000 characters.
    Revision No:
    Specifies an automatically generated number that is given an initial value of 1. Each time the policy is edited, the revision number is incremented by 1. This is for versioning control.
    Impact:
    Specifies a brief narrative to complement the Severity and Weight fields. This field takes a maximum of 255 characters.
    Severity:
    Specifies the severity of the error, in the event the policy is violated. The user can select one of the following severity values:
    Severity value Severity

    1

    Critical

    2

    Major

    3

    Minor

    4

    Warning

    5

    Indeterminate

    Weight
    Specifies a "weight" that a user can assign to each policy using a sliding scale. The weight score can be between 1 and 100, with the default score being 25. This weight is used to calculate the compliance score that is shown in the Policy Compliance Score & Summary reports.
    Send Trap
    When this option is selected the policy will generate a compliance event upon execution. If Netcool Configuration Manager is integrated with Network Manager and Tivoli Netcool/OMNIbus, please be aware of the number of events that are being generated and passed to Network Manager. Users can safeguard by not selecting the “Send Trap” checkbox for those Policies which do not require traps. SNMP traps (Send trap checkbox) are enabled by default.
    Preemptive
    When this option is selected the policy can be used for pre-emptive validations.
    Note: A pre-emptive policy can only contain modelled definitions and modelled extractions.
    Applicable Device Filter
    This filter allows the ability to select which device VTMOS applies to this policy. As well as drop down selection for VTMOS, a regular expression is supported for all filters.
    Note: The selected value entered in the Model Filter will be checked against both 'Model' and 'Actual Model' fields (as in the Device Viewer).
    Rules Included
    Select the Rule(s) required from the navigation pane, and select using the arrows in the middle of the panel. A new Rule may be created at this stage using the "Create new" icon; this invokes the Create a Rule window.
    Note: Please be aware of the following default properties in /opt/ IBM/tivoli/netcool/ncm/compliance/config/properties/WorkFlowManager.properties.
    • sendComplianceEvents=true — Set this property to false if no events need to be sent.
    • sendRepeatComplianceEvents=false — Set this property to true if repeat pass events need to be sent where the sendComplianceEvent property is set to true.
  3. Click Next to progress.

    The Select Actions window displays. This window provides Action Types available in the event the Compliance Policy is violated.

  4. Use the following descriptions as a guide to entering the appropriate information in the Select Actions window.
    No Action
    Specifies that no action will be taken.
    Email
    Specifies that an e-mail will be sent to an elected individual or application, and the content of the e-mail will explain the violation. All devices violating a specific policy will be included automatically in the body of the e-mail.
  5. Click Next to continue.

    The Choose a Save Location window displays.

  6. Navigate through the tree structure, and choose the location where you wish to save to. Otherwise, it is possible to create a new folder from here if required.
  7. Click Finish to complete the creation of the Compliance Policy.

What to do next

The new or updated Compliance Policy can be validated using the test function that can be invoked using the test icon. The test function allows the user to run an ad-hoc validation of a policy, but without adding the validation results to the overall network compliance status.