Compliance Policies
Overview
Compliance rules identify devices as non-compliant and apply to a selection of devices, device types, or device groups. Compliance rules consist of customizable criteria to categorize a device as non-compliant.
The Compliance Rules tab of the Rules page, provides a view of all created compliance policies where you can edit, assign, and delete them from one easily accessible place.
The following topics describe how to setup and use compliance policies:
How Compliance Rules Evaluate
- Unlike other rules, related compliance rules evaluate together. Multiple compliance rules can apply to a device. When multiple compliance rules apply, they evaluate together to determine non-compliance. If the evaluation result of one rule in a group of related compliance rules is non-compliant, the final result of the evaluation is non-compliant.
- For example, device#1 evaluates using compliance rule#2, rule#3, rule#4. If device#1's state is compliant for rule#2 and rule#4 but non-compliant for rule#3, then evaluation is non-compliant.
When Compliance Rules Evaluate
When a device's state changes, all compliance rules that relate to that device's changed state evaluate.
When a compliance rule is:
- Created, all compliance rules (including the created one) evaluate.
- Modified, all compliance rules evaluate.
- Deleted, devices related to the deleted compliance rule that are not related with other compliance rules have status set to 'Pending' (to reset the compliance status of devices). All the other compliance rules are then evaluated.
- Activated or deactivated, same behavior as creating or deleting a rule.