About NCM policy reports
Use policy reports to verify that device configurations comply with internal policies and external regulations. Each policy report enforces one or more rules. When the policy report runs, NCM scans the specified configuration files and reports any rule violations. Policy reports can also include remediation scripts to bring the configuration file into compliance.
SolarWinds provides a set of example policy reports that you can modify to meet your needs. You can also create custom policy reports.
Policy reports cannot be run against configurations that are downloaded in XML format.
How rules, policies, and policy reports work together
Each policy report includes one or more policies, and each policy includes one or more rules.
A rule defines a condition that must or must not exist. Rules can also contain remediation scripts to be run if the rule is violated.
For example, a rule could specify that devices must have banners that include copyright information, and the same rule could contain a script to add the copyright information if it is missing.
A policy groups related rules, and specifies which nodes and config types the rules apply to.
A policy report groups related policies. When the report runs, it scans the configs specified in the policies and reports any rule violations.
With this structure, you can include the same rule in multiple policies, and the same policy in multiple reports.
Common uses for policy reports
Use policy reports to ensure that you are in compliance with federal regulations and other industry standards, including:
- Sarbanes-Oxley Act (SOX)
- Health Insurance Portability and Accountability Act (HIPAA)
- Computer Inventory of Survey Plans (CISP)
- Payment Card Industry (PCI) data security policies
- Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG)
Compliance with internal standards and policies
Standardization is a vital part of keeping the network running smoothly. Use policy reports to locate device configurations that do not comply with your organization's standards or policies. For example:
- Enforce interface naming guidelines.
- Enforce Quality of Service (QoS) traffic shaping policies.
- Verify that the correct banner is present.
- Change the copyright date when the year changes.
To proactively protect against hackers, malware, and other security threats, use policy reports to ensure that network device configurations comply with your organization's security policies. For example:
- Ensure that the default password has been reset on all devices.
- For SNMP-enabled devices, verify that the default public community string is not present.
- Enforce standards for password length.
- Search access control lists (ACLs) for rules that must or must not be present.
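The rule, policy, and policy report structure described above, together with two of the example checks (default SNMP community string, copyright banner), can be sketched as follows. This is an added example, not NCM's own code or rule syntax; the class names, node names, regex patterns, and IOS-style sample configs are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    pattern: str      # regex evaluated against the config text
    must_exist: bool  # True: pattern must be present; False: must be absent

    def violated_by(self, config: str) -> bool:
        found = re.search(self.pattern, config, re.MULTILINE) is not None
        return found != self.must_exist

@dataclass
class Policy:
    name: str
    rules: list       # related rules grouped by this policy
    nodes: set        # node names the rules apply to

@dataclass
class PolicyReport:
    name: str
    policies: list

    def run(self, configs: dict) -> list:
        """Return sorted (node, policy, rule) tuples, one per violation."""
        hits = set()
        for policy in self.policies:
            for node in policy.nodes & configs.keys():
                for rule in policy.rules:
                    if rule.violated_by(configs[node]):
                        hits.add((node, policy.name, rule.name))
        return sorted(hits)

# Constructed sample configs (IOS-style syntax), not taken from real devices.
CONFIGS = {
    "edge-rtr-1": "hostname edge-rtr-1\nsnmp-server community public RO\n"
                  "banner motd ^C Copyright Example Corp ^C\n",
    "core-sw-1": "hostname core-sw-1\nsnmp-server community n0tDefault RO\n",
}

no_public = Rule("No default SNMP community",
                 r"^snmp-server community public(\s|$)", must_exist=False)
banner = Rule("Banner has copyright", r"^banner .*Copyright", must_exist=True)

# The same rule (no_public) is reused in two policies of one report.
security = Policy("Security baseline", [no_public], {"edge-rtr-1", "core-sw-1"})
standards = Policy("Device standards", [no_public, banner], {"edge-rtr-1", "core-sw-1"})
REPORT = PolicyReport("Quarterly compliance", [security, standards])

if __name__ == "__main__":
    for node, policy, rule in REPORT.run(CONFIGS):
        print(f"{node}: [{policy}] {rule}")
```

Because `no_public` belongs to both policies, the violation on `edge-rtr-1` is reported once per policy, which shows how reusing a rule affects the report output.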
Tasks to create and run a policy report
To create custom policy reports, complete the following tasks:
- Create the rules that the policy report will enforce.
- Create policies to group related rules and to define which device configs will be checked for compliance.
- Create the policy report to group related policies.