BigFix V9.5 Compliance Documentation
Welcome to the BigFix Compliance documentation, where you can find information about how to install, maintain, and use BigFix Compliance.
Compliance Overview
BigFix Compliance helps support endpoint security throughout your organization.
Compliance guides in PDF format
Following is a list of links to the BigFix Compliance user guides in PDF format:
Client Manager for Endpoint Protection
BigFix Compliance CMEP is an effective tool to monitor the deployment and health status of various Endpoint Protection products and provide quick remediation actions to recover needed endpoint protection.
Client Manager for Endpoint Protection (CMEP) for Console User Guide
Client Manager for Endpoint Protection (CMEP) encompasses Anti-Virus, spyware tools, and device control capabilities.
Client Manager for Endpoint Protection (CMEP) App in WebUI User Guide
Client Manager for Endpoint Protection (CMEP) App in WebUI includes antivirus and definition update tools.
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Configuration Management for Console User Guide
Configuration management (SCM) is used to manage security configuration of devices using checklists which includes creating custom checklists, customize individual checks, synchronizing, deploying checklists to devices.
Security Configuration Management for WebUI User Guide
Security Configuration Management (SCM) App in WebUI continuously assess and manages the device for security misconfiguration and deviation, which enables operator to deploy remediation action to ensure the device meets compliance standards.
BigFix Compliance Payment Card Industry (PCI) Add-on User Guide
BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Overview
HCL BigFix Compliance PCI Add-on is a new chargeable component that provides security configuration checklists that are based on the Payment Card Industry Data Security Standard (PCI DSS). These compliance checks are designed to help ensure continuous compliance at every endpoint in your organization.
Setup
Complete configuration steps to access the PCI DSS checklists and checks and ensure accurate relevance evaluation on the endpoints.
Using checks and checklists
The check Fixlets in Configuration Management checklists assess an endpoint against a configuration standard. Many check Fixlets have a corresponding analysis, sometimes referred to as measured values, that report the value of the element that the check Fixlet evaluates.
Understanding the results in BigFix Compliance Analytics
Use BigFix Compliance Analytics (formerly known as Security and Compliance Analytics or SCA) to navigate and explore security configuration check results.
Resources
You can find more information about Security Configuration Management and PCI DSS in the following resources.
Security Compliance Analytics
Security and Compliance Analytics (SCA) is a web-based application designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
Security and Compliance Analytics Setup Guide
BigFix for Security and Compliance Analytics (SCA) is a web-based application designed to help manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
Security and Compliance Analytics User Guide
BigFix for Security and Compliance Analytics (SCA) is a web-based application that is designed to help you manage security, vulnerability, and risk assessment. The application archives security and vulnerability compliance check results to identify configuration issues and report levels of compliance toward security configuration goals.
BigFix and QRadar User Guide
QRadar® provides security intelligence for protecting assets and information from advanced threats. BigFix provides a dashboard that is integrated with QRadar®. This dashboard is called the Manage Vulnerable Computers dashboard and is located within the Endpoint Protection domain in BigFix. From this dashboard, you can view enriched vulnerability and risk data, from which you can quickly identify the computers that are most at risk. You can remediate the vulnerabilities that are detected by QRadar® and you can also quarantine or un-quarantine computers.
Overview and getting started
HCL® BigFix provides the Manage Vulnerable Computers dashboard from which you can view and remediate QRadar® vulnerability data. The dashboard lists the QRadar® Computer Risk Score, CVEs, and CVE risk score, which you can use to quickly identify the computers that are at risk. The dashboard provides a list of the Fixlets and Baselines that are available to take action and remediate CVEs. You can also quarantine or unquarantine computers from the Manage Vulnerable Computers Manage Vulnerable Computers dashboard. An Actions tab shows the actions that you ran from the dashboard.
Remediate vulnerabilities
Use the Manage Vulnerable Computers dashboard to view and remediate QRadar vulnerability data and quarantine or un-quarantine computers.
BigFix Client Compliance
This guide describes the BigFix Client Compliance and its solutions (BigFix Client Compliance Configuration and BigFix Client Compliance Windows (IPSec Framework)) which helps in maintaining the compliance status of the computers.
BigFix Client Compliance Configuration
BigFix Client Compliance Configuration allows you to deploy client compliance document to a set of computers. You can also create a new policy document using BigFix Client Compliance Configuration Wizard.
BigFix Client Compliance Windows (IPSec Framework)
The BigFix Client Compliance Windows (IPSec Framework) Fixlet site provides self-quarantine capabilities using the BigFix Client Compliance extension. In this solution, the BES Client restricts or enables inbound and outbound network connectivity based on the compliance status of the computer (but still passing BES network traffic to allow management of the computer through BES).
BigFix and Carbon Black integration
The HCL BigFix and Carbon Black integration allows administrators to deploy a full endpoint security solution to detect, contain, investigate, and remediate security threats and attacks on endpoints across the enterprise. The following sections provide useful information and links to the resources available for the solution.
Linux and Windows applications - middleware
Traditional BigFix Patch content focuses on a limited set of vendors with a specialty in operating system and security patching. The Updates for Linux Applications – middleware and Updates for Windows Applications – middleware content site provides coverage for upgrades to a growing list of third-party applications. This expansion helps you fill gaps in proactive patching processes.
Updates for Linux applications - middleware
With Updates for Linux applications - middleware content site, customer can deploy updates to a vast number of third-party middleware applications.
Updates for Windows applications - middleware
With Updates for Windows applications - middleware content site, customer can deploy updates to a vast number of third-party middleware applications.
Frequently asked questions
Learn the answers to frequently asked questions about updates for Linux and Windows applications - extended.