Welcome
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
BigFix Compliance Analytics User Guide
BigFix Compliance Analytics is a component of BigFix Compliance, that includes technical controls and tools that are based on industry practices and standards for endpoint and server security configuration.
Security Configuration Reporting
Checks Report

BigFix Documentation Homepage
BigFix 10 Compliance Documentation
Welcome to the BigFix Compliance documentation, where you can find information about how to install, maintain, and use BigFix Compliance.
BigFix Platform
BigFix Query
Compliance Overview
BigFix Compliance helps support endpoint security throughout your organization.
Compliance Guides in PDF format
Following is a list of links to the BigFix Compliance user guides in PDF format:
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
- BigFix Compliance Analytics Setup Guide
- BigFix Compliance Analytics User Guide
  BigFix Compliance Analytics is a component of BigFix Compliance, that includes technical controls and tools that are based on industry practices and standards for endpoint and server security configuration.
  - Introduction
  - General Usage Concepts
  - Management Tasks
    The following management tasks can be performed if you have appropriate permissions.
  - Security Configuration Reporting
  - Patch Domain
  - Vulnerability Domain
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Client Manager for Endpoint Protection
BigFix Compliance CMEP is an effective tool to monitor the deployment and health status of various Endpoint Protection products and provide quick remediation actions to recover needed endpoint protection.
BigFix and QRadar User Guide
QRadar® provides security intelligence for protecting assets and information from advanced threats. BigFix provides a dashboard that is integrated with QRadar®. This dashboard is called the Manage Vulnerable Computers dashboard and is located within the Endpoint Protection domain in BigFix. From this dashboard, you can view enriched vulnerability and risk data, from which you can quickly identify the computers that are most at risk. You can remediate the vulnerabilities that are detected by QRadar® and you can also quarantine or un-quarantine computers.
BigFix Client Compliance
This guide describes the BigFix Client Compliance and its solutions (BigFix Client Compliance Configuration and BigFix Client Compliance Windows (IPSec Framework)) which helps in maintaining the compliance status of the computers.
BigFix and Carbon Black integration
The HCL BigFix and Carbon Black integration allows administrators to deploy a full endpoint security solution to detect, contain, investigate, and remediate security threats and attacks on endpoints across the enterprise. The following sections provide useful information and links to the resources available for the solution.
Middleware Application Patching
BigFix Remediate
BigFix MCM

Checks Report

Select Security Configuration domain using Domains and click Reports to find the following report:

Checks: Shows the detailed view of various checks, their descriptions, desired values, and the overall, historical aggregate of the compliance results.

Columns

Name:

This section lists all the checks by their names. Each check represents a specific criterion or setting that must undergo validation to ensure compliance with security standards.

Description:

This part provides a detailed explanation of what each check entails. It includes the specific details of what the check monitors or evaluates within the system.

Desired Values:

Each check has a 'desired value' which represents the expected or compliant state for that check.
The desired value can be of different types such as integer, string, or none.
It is important to note that not all checks have a designated desired value. If a check does not have a desired value, it implies that it is not modifiable, and its value will be shown as <none> or none.
Checks with desired values can be configured to meet different requirements.

This part provides a detailed explanation of what each check entails. It includes the specific details of what the check monitors or evaluates within the system.

Compliance Results:

This shows the historical cumulative data depicting how the systems have adhered to each check over a period of time.

Note: The values from both the BigFix Console and CIS Benchmarks, including their desired states, can be retrieved and, if configurable, modified through the BigFix console.

Note: CIS benchmark documents are accessible in the console via fixlet descriptions of each check.

Note: The desired value is customer-defined, while the default value aligns with CIS recommendations.

Sample of Check Report from Security Configuration Domain — Figure 1. Sample of Check Report from Security Configuration Domain

Check with customized Desired Value — Figure 2. Check with customized Desired Value

Check with no default Desired Value — Figure 3. Check with no default Desired Value