Defining a Policy in the Configure Policy Window - PAS Integrity Software Suite - 7.3 - Administration & Configuration - Intergraph

Integrity Administration Guide

Language
English
Product
PAS Integrity Software Suite
Subproduct
Cyber
Search by Category
Administration & Configuration
PAS Version
7.3

You can configure policies for the specific needs and demands of your business. This topic describes how to define the various policy settings on the Configure Policy window, which is displayed when you are creating or modifying a policy. For more information, see Creating a Policy or Modifying an Existing Policy.

Policies establish a set value for certain configuration items and measure a group of assets against this standard. Policy settings identify specific attributes that are part of a standard. You can specify an unlimited number of policies, as well as change existing policies as needs change. For example, when an antivirus software vendor like McAfee releases a software update, Cyber Integrity administrators can specify the updated version in the policy and then quickly scan their network to list assets that do not match the new standard. Cyber Integrity helps make sure that not only do devices have antivirus software installed, but they also have the minimum version of that software installed.

The NERC CIP requirement for ports and services is that all open ports and services have been authorized to be open with a justification specified. Using policy, you can identify an open port and service that should not be running on a machine. This identification helps you know what is running and why so you can better secure and manage your environment. The following figure shows the Configure Policy window.

admin-cyber-policy-configure

To define a policy in the Configure Policy window:

  1. Open the Configure Policy window by creating a new policy or modifying an existing policy. For more information, see Creating a Policy or Modifying an Existing Policy.

  2. Verify that the Policy Name and Description values are correct.

  3. For each object type and data item (attribute) you want to include in the policy, complete the following steps:

    1. In the Select an object type field, select an object type from the list for the selected asset. The window displays matching objects in the Select a master system field. You can filter the listed object types to more easily find the object type you need. For more information, see Filtering Object Types and Data Items for Policy Selections.

    2. In the Select a master system field, select the system you want to use as your master system. Other systems will be compared to the system you select. The window displays data from the selected master system.

    3. In the Select data field, select the items you want to include in the policy and drag them to the Policy settings field on the right. You can filter the listed data items to more easily find the data items you need. For more information, see Filtering Object Types and Data Items for Policy Selections.

    4. In the Policy settings field, the Evaluator column allows you to specify whether an item is Required, Allowed, or Not Allowed. You can create a white list by selecting a grouped item, right-click, and then click Create a white list. All items in the group are set to Allowed. You can create a black list by selecting a grouped item, right-click, and then click Create a black list. All items in the group are set to Not Allowed.

    5. In the Policy settings field, the Importance column allows you to specify whether the priority of an item is High, Medium, or Low.

  4. If you want to manually add items to the policy, complete the following steps:

    You can configure complex policy items, such as Caption = "Windows 7", CSDVersion = "Service Pack 1", and Version > "6.1.7601". Integrity detects numeric values, date and time, or numeric sequences, such as 6.1.7601, to allow operators different comparison options.

    1. Click Add. The Add New Policy Item window is displayed.

    2. In the Select Object Type field, select the object type for the item you want to add to the policy.

    3. In the Name column, type the name of the attribute you want to check.

    4. In the Value column, type the value you want to compare to the attribute.

    5. In the Comparison column, select the type of comparison you want to use for the policy item, such as contains or =.

    6. Click Add. Then, click Close.

  5. If you want to add an item for open ports to the policy, you can use the steps for manually adding items to the policy. You can configure a Port Number or select Use Range of Values parameters for an Open Port or Recon object type. You can also select multiple parameters for the Open Ports for the Recon object type.

  6. If you want to group items in the policy, complete the following steps:

    Policy items of the same object type can be grouped together by assigning the same Group ID to the items. Non-grouped items are grouped by Object Type, with the Group ID being displayed as None. You can assign a Group ID, change a Group ID, or ungroup already grouped items.

    1. Select the items you want to group in the Policy settings field.

    2. Click Group.

    3. Type the group name, and then click OK.

  7. If you want to rename an object type in the policy, type the value you want to use in the Indicator Name column for that item.

    admin-cyber-policy-rename-objtype

    You can also associate policy settings with a compliance item by selecting the desired item from the list available under Compliance.

  8. If you want to change a value in the Policy settings, complete the following steps:

    1. Double-click the stored value you want to change. The Row Editor window is displayed.

    2. Change the values you want, and then click OK.

  9. When the policy is complete, click Save, and then click Close.

  10. On the Policy Management page of the Admin Utility, click Publish current changes. Policies must be published before moving them into Monitored Systems. Integrity increments the version number of the policy.

  11. Run the policy and review the results to make sure your policy is defined as you want it. For more information, see Running a Policy and Evaluating the Results.

  12. If you want to display this policy in the KPI dashboard of the Cyber Integrity web interface, complete the following steps:

    1. Open Configuration Manager on the Integrity server. To open Configuration Manager, run the following file:

      InstallPath\DataCollector\ConfigurationManager.exe

    2. Click Manage Indicators.

    3. Make the necessary changes, and then click Save. For more information, see Configuring the Cyber Integrity Dashboard.