Symantec Security Expressions Server User Manual


Configure Servers


To check for frequent policy file updates, you may choose to Check for policy file updates during a specific time period (days, minutes, hours). If updates exist, they will be downloaded for the SecurityExpressions Audit & Compliance Server to use.

Check Now updates the policy files immediately.

3. Click Update to store the policy file library configuration. The settings are stored but can be modified.

About Policy Files

Security policies lay a solid foundation for the development and implementation of secure practices within an organization. In SecurityExpressions, policy files contain the rules to which an organization must adhere for their system security configuration. Compliance with policies requires an understanding by staff of not only the individual policies but also of the circumstances in which such compliance is expected in their daily activities. Policy files have a .SIF extension.

A high-level security policy may outline specific requirements or rules that must be met, such as the rules and regulations for appropriate use of the computing facilities. A technical standard or configuration guideline is typically a collection of system-specific or procedural-specific requirements that everyone must meet. For example, you might have a standard that describes how to harden a Windows workstation for placement on an external network (DMZ). Administrators must follow this standard exactly if they wish to install a Windows 2003 workstation on an external network segment.

The Security Policy File Library provides pre-defined and customizable system security policy files and security guidelines from well-known sources, such as Microsoft, SANS, NSA, NIST, CIS, as well as policy files including Microsoft Patches, user settings, and Solaris patch management. You can select a policy file to use or modify for your audits.

How System Scores are Calculated

The score a system gets from an audit is calculated using the properties of rules checked against the system during the audit. The properties used are:

Rule Result - Each rule returns a result of OK, Not OK, Error, or Info during an audit. Rules that return Info or Error are not included in the calculation.

Weight Values - Each rule is assigned a weight value from one of the three rule keys, in this order: Weight, Impact, or Priority. The Weight key is not a key that each rule automatically has; it must be created by a user.

If a Weight key exists for a rule and has a value, it always becomes the rule's weight value. If there is no Weight key, the rule gets its weight from the Impact key. If neither key has a value, then the rule gets its weight from the Priority key. If none of these keys have a value, the rule gets a weight value of 1.0.
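
The weight selection and result filtering described above, as an added Python illustration that is not part of the manual or of SecurityExpressions. The dict-based rule representation, the numeric key values, and the sample rule names are assumptions; the code stops at the inputs to the score and does not compute the score itself.

```python
# Added illustration; the rule representation (dicts with a "result" string and a
# "keys" mapping) and the numeric key values are assumptions, not the .SIF format.
WEIGHT_KEY_ORDER = ("Weight", "Impact", "Priority")
DEFAULT_WEIGHT = 1.0
SCORED_RESULTS = {"OK", "Not OK"}  # Info and Error are not included in the calculation


def effective_weight(keys):
    """Return (weight, source_key) using the Weight -> Impact -> Priority order."""
    for name in WEIGHT_KEY_ORDER:
        raw = keys.get(name)
        # Assumption: a key that is present but has no value is treated like a missing key.
        if raw is None or str(raw).strip() == "":
            continue
        return float(raw), name
    return DEFAULT_WEIGHT, "default"


def scoring_inputs(rules):
    """Split audit results into rules that count toward the score and rules that do not."""
    scored, excluded = [], []
    for rule in rules:
        if rule["result"] not in SCORED_RESULTS:
            excluded.append(rule["name"])
            continue
        weight, source = effective_weight(rule.get("keys", {}))
        scored.append({"name": rule["name"], "result": rule["result"],
                       "weight": weight, "source": source})
    return scored, excluded


# Constructed sample audit results (rule names and values are invented for illustration).
SAMPLE_RULES = [
    {"name": "Password length", "result": "Not OK", "keys": {"Weight": "5", "Impact": "2"}},
    {"name": "Guest account disabled", "result": "OK", "keys": {"Weight": "", "Impact": "3"}},
    {"name": "Audit log size", "result": "OK", "keys": {"Priority": "2"}},
    {"name": "Screen saver lock", "result": "Not OK", "keys": {}},
    {"name": "Patch inventory", "result": "Info", "keys": {"Weight": "10"}},
    {"name": "Registry read", "result": "Error", "keys": {"Impact": "4"}},
]

if __name__ == "__main__":
    scored, excluded = scoring_inputs(SAMPLE_RULES)
    for row in scored:
        print(f'{row["name"]:<24} {row["result"]:<7} weight={row["weight"]} ({row["source"]})')
    print("Excluded from the calculation:", ", ".join(excluded))
```

In the sample, the Info rule carries a user-created Weight of 10 yet contributes nothing, because its result removes it from the calculation before any weight is considered.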

You can customize the values of rules in one of two places:

1. In the SecurityExpressions server interface by editing the policy file and then uploading it into a policy.

2. In the SecurityExpressions console application, if using it, by adjusting rule keys in the .SIF file.

The following is the formula the software uses to calculate system scores:
