Welcome
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content such as checks and checklists, which assess and manage devices to ensure compliance standards are met.
Configuration Management for Console User Guide
Configuration management (SCM) is used to manage the security configuration of devices using checklists, which includes creating custom checklists, customizing individual checks, synchronizing, and deploying checklists to devices.
Configuring Windows and Web Browser Checklist
The Configuration Management checklists for the Windows™ and Web Browser systems are delivered as a set of Fixlets and tasks that can help you find the information you need to manage your deployment.
Windows and Web browser Checklist Components
The Windows™ and Web browser checklist components ensure that the system is systematically reviewed and remains operational, secure, and compliant.
Deploy and Run task
Deploy and Run tasks are a crucial part of the checklist, especially for checks where continuous monitoring is not feasible.
Understanding the output of deploy and Run task
With Windows content, endpoint scans are accomplished by a series of Windows powershell scripts that provide greater accessibility to Windows system administrators.

BigFix Documentation Homepage
BigFix 11 Compliance Documentation
Welcome to the BigFix Compliance documentation, where you can find information about how to install, maintain, and use BigFix Compliance.
BigFix Platform
BigFix Query
Compliance Overview
BigFix Compliance helps support endpoint security throughout your organization.
Compliance Guides in PDF format
Following is a list of links to the BigFix Compliance user guides in PDF format:
Compliance Setup Guide and User Guide
BigFix Compliance Analytics is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content such as checks and checklists, which assess and manage devices to ensure compliance standards are met.
- Configuration Management for Console User Guide
  Configuration management (SCM) is used to manage the security configuration of devices using checklists, which includes creating custom checklists, customizing individual checks, synchronizing, and deploying checklists to devices.
  - Setting up Configuration Management
    Follow these steps to set up your Configuration Management deployment.
  - Using checks and checklists
  - Configuring Windows and Web Browser Checklist
    The Configuration Management checklists for the Windows™ and Web Browser systems are delivered as a set of Fixlets and tasks that can help you find the information you need to manage your deployment.
    - Overview
      You can configure the Windows™ and the Web Browser checklists for the Windows operating system and web browsers.
    - Setup and configuration
      Create custom copies of the Windows™ and Web browser checklist content if you want to modify the checks based on a specific corporate policy. Use the Create Custom Checklist wizard to create copies of the Windows and Web browser checklists and save them in a custom site.
    - Windows and Web browser Checklist Components
      The Windows™ and Web browser checklist components ensure that the system is systematically reviewed and remains operational, secure, and compliant.
      - Deploy and Run task
        Deploy and Run tasks are a crucial part of the checklist, especially for checks where continuous monitoring is not feasible.
        Understanding the output of deploy and Run task
        With Windows content, endpoint scans are accomplished by a series of Windows powershell scripts that provide greater accessibility to Windows system administrators.
      - Applicability Fixlets
        Learn about concepts and the work process in Configuration Management.
      - Remediation
        Most Windows™ and Web browser checks include built-in remediation capabilities. However, a smaller subset of Windows and Web browser audit checks allows customization to audit a non-default value.
    - Measured Value Analysis
      Many check Fixlets have a corresponding analysis, often referred to as "measured values", which report the value of the element being evaluated by the check Fixlet.
    - Using checks and checklists
      The check Fixlets in Configuration Management checklists evaluate an endpoint against a defined configuration standard. Many of these check Fixlets have a corresponding analysis, often referred to as "measured values", which reports the value of the element being assessed by the check Fixlet.
  - Configuring Linux checklists
    The Configuration Management checklists for Linux systems are delivered as a set of Fixlets and tasks that can help you find the information you need to manage your deployment.
  - Configuring Middleware Checklists
    The Configuration Management checklists for Middleware systems are delivered as a set of Fixlet and tasks that can help you find the information you need to manage your deployment.
  - Configuring Unix checklists
    The Configuration Management checklists for UNIX™ systems are delivered as a set of Fixlets and tasks that can help you find the information you need to manage your deployment.
  - Importing SCAP content
    BigFix uses an Security Content Automation Protocol (SCAP) Import Wizard to convert SCAP XML input files, typically XCCDF files, into BigFix content such as Fixlets. This process enables the integration of standardized security content into the BigFix platform.
  - Configuration Management Reporting
  - Frequently asked questions
- Security Configuration Management for WebUI User Guide
  Security Configuration Management (SCM) App in WebUI continuously assesses and manages the device for security misconfiguration and deviation, which enables operators to deploy remediation actions to ensure the device meets compliance standards.
Client Manager for Endpoint Protection
BigFix Compliance CMEP is an effective tool to monitor the deployment and health status of various Endpoint Protection products and provide quick remediation actions to recover needed endpoint protection.
BigFix Client Compliance
This guide describes the BigFix Client Compliance and its solutions (BigFix Client Compliance Configuration and BigFix Client Compliance Windows (IPSec Framework)) which helps in maintaining the compliance status of the computers.
Middleware Application Patching
Middleware Application Patching is an important process for organizations to ensure their systems are secure and up to date. By applying the appropriate patches and security updates, organizations can minimize the risk of malicious attacks and potential data loss. BigFix users can enjoy unified patch management by using a single platform for deploying database and middleware patches.
RBI Compliance User Guide
Discover how the RBI Compliance Report provides a centralized and automated reporting solution for monitoring device and Fixlet compliance.
BigFix Remediate
BigFix MCM
Glossary
This glossary provides terms and definitions for the BigFix® Compliance software and products.

Understanding the output of deploy and Run task

With Windows content, endpoint scans are accomplished by a series of Windows powershell scripts that provide greater accessibility to Windows system administrators.

In BigFix, Fixlets continuously evaluate conditions on each endpoint, displaying results in the console when their relevance clauses of the Fixlets evaluate to true or false. For Windows systems, the "Deploy and Run Task" within a Security Checklist initiates a scan of the endpoints. This scan can be executed on an ad hoc basis whenever a scan is required or configured as a recurring policy from the console.

The endpoint scan is carried out by various Windows powershell scripts available within the Deploy and Run tasks. These scripts write the information to an output file, which is then used by the corresponding Fixlet checks for evaluation. Once the results files are written to disk, the Fixlets read the output and display the results in the console.

After executing the Deploy and Run task from the Security Checklist, the scripts run and store the results under the directory:

C:\Program Files (x86)\BigFix
                Enterprise\BES Client\__BESData\__SCMData

, which contains several components as detailed below:

Table 1. Deploy and Run task result file structure
CIS_secpol.txt	This output file stores security policies of particular CIS Fixlets.
DISA_secpol.txt	This output file stores security policies of particular DISA Fixlets.
Universal_secpol.txt	This output file stores security policies of particular Universal Checklist Fixlets.