Defining network compliance policiesEdit online You create compliance policies and define how they are applied using the Netcool Configuration Manager user interface. Compliance policies overviewUse this information to obtain an overview of the Compliance Administration section of the Netcool Configuration Manager - Compliance UI. The overview provides the relationships between the compliance entities.Creating a compliance processUse this procedure to define a new Compliance Process. Defining a new Compliance Process requires access to the User Interface wizard.Editing a compliance processUse this procedure to modify an existing Compliance Process. Modifying a new Compliance Process requires access to the User Interface wizard.Creating a compliance policyA Compliance Policy stipulates conditions that the devices must adhere to. A Compliance Policy contains Compliance Rules and can be configured to send an e-mail action in the event that a policy fails. Use this procedure to create a compliance policy.Editing a compliance policyUsers have the option of editing an existing Compliance Policy at any time. When all changes have been saved and the user has validated that the new version of the policy works correctly, the user can activate the Policy as a new version. Any previous active version becomes inactive.Creating a compliance policy exemptionUse this procedure to define a new Compliance Policy Exemption. Defining a new Compliance Policy Exemption requires access to the User Interface wizard.Creating pre-emptive policiesPre-emptive compliance is a mechanism whereby proposed configuration changes can be checked for compliance before being provisioned on the device, allowing you to evaluate the impact of configuration changes against pre-defined compliance policies for a device. In order to run a pre-emptive compliance, you first create or modify existing policies to make them suitable for execution in a pre-emptive manner. You then create a compliance process to apply the pre-emptive policy to a device.Creating compliance definitions using native CLI configuration linesA compliance definition may contain one or more native command lines (CLI) and use evaluation criteria to match these CLI lines against the device configuration stored in ITNCM-Compliance, which are automatically synchronized from ITNCM - Base each time the configuration changes. Use this procedure to create compliance definitions using native CLI configuration lines.Creating compliance definitions using native commandsCompliance definitions may contain a native (show) command that can be issued against the device to retrieve specific information from the device that is not available in the configuration itself. These definitions contain not only the native command that must be issued to the device, but also define the results that should (or should not) be present in the information returned from the device. Use this procedure to create compliance definitions using native commands.Creating compliance definitions using device modelsModeled definitions are based on modeled device configurations. Modeled definitions are all based on XPaths. An XPath is a search mechanism used in XML, and models an XML document as a tree of nodes. Use this procedure to create Compliance Definitions using device models.Creating compliance definitions using scriptsScript-based definitions allow you to compose your own validation logic, thereby enhancing your control over what you are trying to validate. Use this procedure to create compliance definitions using JavaScript.Editing an existing compliance definitionA compliance definition captures the device characteristics that must be validated as part of a specific policy. The scope of a compliance definition may range from a single configuration line that must evaluated to a complex evaluation of multiple configuration snippets with regular expression logic and parameters. Use this procedure to edit an existing compliance definition.Creating compliance rulesA Compliance Policy stipulates conditions that the devices must adhere to. A Compliance Policy contains Compliance Rules and can be configured to send an e-mail action in the event that a policy fails. Compliance Rules enable the user to combine multiple compliance definitions to build the full validation to which a device must adhere in order to pass a compliance test. Use this procedure to create a compliance rule.Editing compliance rulesA Compliance Policy stipulates conditions that the devices must adhere to. A Compliance Policy contains Compliance Rules and can be configured to send an e-mail action in the event that a policy fails. Compliance Rules enable the user to combine multiple compliance definitions to build the full validation to which a device must adhere in order to pass a compliance test. Use this procedure to edit an existing Compliance Rule.Creating an e-mail actionCompliance actions can be remedial (invoking a commandset in ITNCM - Base) or informational (e-mail) by nature. Use this procedure to create an e-mail compliance action.Creating a remedial actionCompliance actions can be remedial (invoking a commandset in ITNCM - Base) or informational (e-mail or notification) by nature. Use this procedure to create a remedial compliance action.Editing an existing actionCompliance actions can be remedial (invoking a commandset in ITNCM - Base) or informational (e-mail) by nature. Use this procedure to edit any of the types of compliance actions.Creating compliance extractionsCompliance extractions are a compliance component where specific chunks of data can be extracted from the native or modelled configuration or a show command. You can create extractions that uses native CLI configuration lines, native commands, or device models. Editing an existing compliance extractionCompliance extractions are a compliance component where specific chunks of data can be extracted from the native or modelled configuration or a show command. Use this procedure to edit any of the types of compliance extractions.Creating global parametersGlobal parameters are available to all evaluations used in a definition. Use this procedure to create global parameters as part of parameter administration.Creating group parametersParameter groups involve a list of values that are supplied to the definition. Use this procedure to create group parameters.Editing process parametersUse this procedure to edit process parameters.Creating script parametersThe script based parameter allows the user to manipulate extraction values, or if required extract values from an external source. It is very similar to the script based definition where it uses javascript. But in this case the script must return a list of values or single value. The script parameter can use extractions and other parameters types if required. Use this procedure to create script parameters.Defining advanced VTMOS filtersThe Advanced VTMOS filter provides a way to choose multiple options when filtering on devices. Use this procedure to create device filters from multiple options.Creating compliance definitions using a golden configurationUse this procedure to create compliance definitions using a golden configuration.Creating compliance definitions using a 'device-specific' golden configurationUse this procedure to modify compliance definitions using a 'device-specific' golden configuration.Parent topic: Managing network compliance