Compliance Management

About Compliance Management

Compliance management allows the ability to evaluate the compliance of targets and systems. This is accomplished by defining, customizing, and managing compliance frameworks, compliance standards, and compliance standard rules.

A compliance framework is a hierarchical structure where any node can be mapped to one or more compliance standards, compliance standard rule folders, and compliance standard rules.

A compliance standard is a collection of checks or rules. It is a compliance control that must be tested against come set of IT infrastructure to determine if the control is being followed.

Managing Compliance Framework

To manage compliance frameworks, follow these steps:

From the Enterprise menu, select Compliance, and then select Library.
Click the Compliance Frameworks tab.
Highlight the compliance framework you want to manage and choose the action you want to perform.

Configuring the SQL Server Configuration Compliance Standard

Follow the steps below to configure the Microsoft SQL Server configuration compliance standard:

From the Enterprise menu, select Compliance, then select Library.
Click the Compliance Standards tab.
Refine your search, by using the Search option (Figure 9-1). On the Compliance Standard line, enter SQL Server Configuration Compliance Standard, and click Search. This action will narrow the list down to the SQL Server Compliance Standard.

Figure 9-1 Refined Compliance Search
Highlight the compliance standard and select Associate Targets. This will take you to the Compliance Standard Target Association page, as shown in Figure 9-2:

Figure 9-2 Compliance Standard Target Association
Click Add. The Select Targets menu will appear with a list of targets that you can select to associate with the SQL Server Compliance Standard (Figure 9-3). If you do not see the target you would like to select, use the Target Name search bar at the top. Once you have chosen the targets you would like to associate, click Select.

Figure 9-3 Select Targets
The targets that you selected will now appear in the Target Association table (Figure 9-4). Once targets are in the table you can edit the parameters, remove, enable, or disable them.

Figure 9-4 Added Targets
Once you are finished selecting targets, click OK. In the box that appears select Yes to save your changes. A box will appear advising that the compliance standard was submitted to the target for processing (Figure 9-5). Click OK.

Figure 9-5 Compliance Standard Confirmation

Your target will now be associated with the SQL Server Compliance Standard. It will begin evaluation based on metric collection from that target.

"Create Like" Compliance Standard

To create a compliance standard like another compliance standard, follow these steps:

From the Enterprise menu, select Compliance, then select Library.
Click the Compliance Standards tab.
Click Create Like
Customize the fields as needed.

The name of the compliance standard you are creating must be different than an existing compliance standard.
Click Save.

Editing a Compliance Standard

You can customize compliance standards by editing the existing compliance standard rule settings.

Note:

You cannot edit an Oracle-provided compliance standard; so, you should create a compliance standard like the compliance standard you wish to edit. See "Create Like" Compliance Standard.

Once you have created the like compliance standard you can make the customized changes.

To edit a compliance standard, follow these steps:

From the Enterprise menu, select Compliance, then select Library.
Click the Compliance Standards tab.
Highlight the standard you want to edit and click Edit ().
Update the parameters as needed.
Click Save.

Evaluating Compliance

Compliance evaluation is the process of testing the compliance standard rules mapped to a compliance standard against a target and recording any violations in the Management Repository.

By evaluating a target against a compliance standard, you are determining whether a target complies with the checks of the standard. To ensure compliance you should regularly perform the following actions:

Regularly monitor the compliance dashboard to find areas that may indicate your organization has a low compliance score or is at risk.
Study Oracle-provided reports.
View the results of an evaluation.
Study the trend overview as a result of the evaluation.

Using Trend Overview

Use the graphs in the Trend Overview pages to visually determine whether the targets are adhering to or distancing themselves from the compliance best practices.

To access the Trend Overview pages for compliance standards:

From the Enterprise menu, select Compliance, and then select Results.
From the Compliance Standards tab, choose Evaluation Results.
On the Evaluation Results page, choose the compliance standard you want to investigate and click Show Details.
On the resulting details page, click the Trend Overview tab (Figure 9-6).

Figure 9-6 Compliance Trend Overview

Using Compliance Reports

Enterprise Manager Cloud Control provides reports specific to compliance. To access these reports:

From the Enterprise menu, select Reports, and then select BI Publisher Enterprise Reports.
Scroll to the Compliance Section.

Here you will find a number of reports relating to evaluations against compliance standards and compliance frameworks, as shown in Figure 9-7:

Figure 9-7 Compliance Summary Report

Managing Compliance Violations

You can use the Managing Violations feature to suppress, unsuppress, and clear manual violations:

Accessing the Managing Violations feature (Figure 9-8)
1. From the Enterprise menu, select Compliance, and then select Results.
2. From the Compliance Standards tab, choose Evaluation Results.
3. On the Evaluation Results page, choose the compliance standard you want to investigate and click Manage Violations.
Figure 9-8 Manage Violations
Unsuppressed Violations tab

Use this tab to suppress violations:
1. Select one or more violations.
2. Click Suppress Violations.
3. On the Violation Suppressed Confirmation pop-up, you can suppress the violation indefinitely or provide a date by which the suppression will end. Optionally, you can provide an explanation for the suppression.
4. Click OK.
  
  This submits a job to do the suppression asynchronously and returns you to the Result Library page. A suppression adds an annotation to the underlying event stating that the violation is suppressed along with the reason (if a reason was provided).
  
  Note:
  
  The job results are not instantaneous. It may take a few minutes for the results to be displayed.
Suppressed Violations tab

Use this tab to unsuppress violations:
1. Select one or more violations.
2. Click Unsuppress Violations.
3. On the Violation Unsuppressed Confirmation pop-up, you can provide an explanation for the unsuppression.
4. Click OK.
  
  This submits a job to do the unsuppression asynchronously and returns you to the result library. An unsuppression adds an annotation to the underlying event that the violation is unsuppressed along with the reason (if a reason was provided).
  
  Note:
  
  The job results are not instantaneous. It may take a few minutes for the results to be displayed.
Manual Rule Violations tab

To clear a manual rule violation:
1. Select one or more manual rule violations.
2. Click Clear Violations.
3. On the Clear Violations Confirmation pop-up, you can clear the violation indefinitely or provide a date by which the clear will end. Optionally, you can provide an explanation for the clear.
4. Click OK.
  
  This submits a job to do the manual rule violations clearing asynchronously and returns you to the Result Library page. Clearing manual rule violations also clears the underlying violation event.
  
  Note:
  
  The job results are not instantaneous. It may take a few minutes for the results to be displayed.

Additional Information

For further information regarding Compliance Management, see the Managing Compliance section of the Oracle Enterprise Manager Lifecycle Management Administrator's Guide.