The attribute that measures the complexity of the attack that is required to exploit the vulnerability. The values are High, Medium, and Low.
The metric that reflects how the vulnerability is exploited. The values are Local, Adjacent Network, and Network.
A type of reconciliation rule that is applied on the current assets to add the current asset to a specified location.
A managed object in the system that has value, has an owner, has controlled access, and can have authority. The authority occurs when the asset is a person or a query engine.
A collection of assets of one or more types for evaluation and reporting. A user-defined group can be static or dynamic.
The resolution of the existing assets with the newly imported assets in the asset store.
The location in the Directory Support Service where all the assets that are discovered and reconciled are stored.
The overall CCS system that includes all the assets and the features to manage the assets. The assets include groupings, filters, tags, folders, credentials, and asset authorization.
A form of categories that are specific to the supported platforms to gather more specific data for the purpose of monitoring the network.
The reply, the answer, or the additional information that is returned to a questionnaire author.
The attribute that measures the complexity of the attestation that is required to exploit the vulnerability. The values are Multiple, Single, and None.
The attribute that measures the effect on availability of a successfully exploited vulnerability. The values are None, Partial, and Complete.
A file that the cryptographic systems use as proof of identity. The file contains a user's name and a public key.
A statement that tests a condition for an asset, such as a test if passwords have a certain length.
An expression that is used to compare a property of an asset to a specified data value.
A formula that is created by using check expressions. Operators connect multiple check expressions to create a single check expression.
A user request for additional details about a policy before the user accepts a policy or requests an exception.
The percentage value of 0 to 100 that represents the level of adherence to a standard. The score is derived from the technical checks.
The attribute that measures the effect on confidentiality of a successfully exploited vulnerability. The values are None, Partial, and Complete.
The prepackaged questionnaire that is based on common standards.
The server that is responsible for all job executions, workflow, and schedules.
Active Directory Application Mode, a Lightweight Directory Access Protocol (LDAP) directory service. It lets applications store information in a directory, rather than in a flat file or in a database. ADAM is separate from any Active Directory domains that are deployed on the network. In CCS, ADAM/ADLDS is the Directory Server.
The server that stores the asset data, user rights and preferences, and information about jobs.
The data location in the system where the access permissions are granted and approved.
A single-sentence description of an activity, concept, or requirement called out by a regulation or a best-practice framework. These descriptions are a means of mapping related tasks and requirements between various regulations and best practices.
The CCS component that retrieves information about assets from the network.
A file that the cryptographic systems use as proof of identity. The file contains a user's name and a public key.
A single service that has multiple roles in CCS. The roles include the DPS Collector, the DPS Evaluator, the DPS Load Balancer, and the DPS Reporter.
A role of the Data Processing Service. The DPS collector transmits data collection jobs to the data collector and retrieves results when the job is complete.
A role of the Data Processing Service. The DPS evaluator compares data that is collected from the network to specified conditions, then stores the evaluation result for reporting.
A role of the Data Processing Service. The DPS load balancer distributes data collection jobs to the DPS collectors and to the DPS evaluators on the network.
A role of the Data Processing Service. The DPS reporter processes the evaluated data from the DPS data evaluator into the reports and the dashboards that are suitable for users.
The service that works with the CCS Directory to check user rights on the directory items.
The process that is used to test the compliance of an asset with a standard, a section, or a check in the organization.
The information that is collected from the network that proves that an organization is compliant with the policies that the organization has defined.
The database that stores the proof of compliance with the policies and the checks.
A description of the information that is collected from the network that serves as proof of compliance with a particular policy.
The temporary permission that allows a user with a valid business reason to violate an organizational policy or a technical standard.
A user request for permission to defer compliance with a control statement that is included in a policy. The exception request can include the rationale for the request.
An expression that uses an operator to compare a field with a particular value that a user specifies.
A collection of the policies that define best practices. An organization voluntarily uses the policy best practices.
The analysis that lets you review how the policies that are defined for an organization match up to a regulation or a framework.
The standard that is built from the values that are present in a reference asset. A gold standard is the standard configuration against which other systems are benchmarked.
The attribute that measures the effect on integrity of a successfully exploited vulnerability. The values are None, Partial, and Complete.
The field in an evidence definition that lets you filter evidence results.
The ESM configuration option for the site that tells the ESM collector to execute an ESM policy run.
An attribute of an asset. CCS users can create locations to represent geographical locations. Assets are associated with the appropriate location as well as with the services that work with those assets.
An abstract representation of the network resources that are managed. A managed object can be a physical entity or a network service.
A type of entity that is contained within the Directory Support Service. These entities include policy, asset, or standard. Objects are always the final level of the tree.
The percentage value of 0 to 100 that represents the level of adherence to regulations. The compliance score is derived from the technical checks and the procedural controls.
A set of guidelines that are issued by a company to its employees to keep the company compliant with certain government regulations. The guidelines help to maintain the company's standards and reputation.
The process of matching the policies that an organization defines to the frameworks or the regulations that the organization must comply with.
The status of a policy. The different states of a policy are planning, review, use, or retired.
A sample policy that is created by Symantec that can be used to create the custom policies that suit an organization's needs.
A type of reconciliation rule that is applied on the current assets after the asset becomes a part of the asset store.
A type of reconciliation rule that is applied on the current assets before the asset becomes a part of the asset store.
Reconciliation rules that are built in the asset system. The asset system has Add, Pre, and Update types of rules.
The database that stores collected data from the data collectors. The DPS evaluator uses the stored data.
The question categorization that is based on the method that is used to provide a solution.
The set of questions, created by the questionnaire author, that ask for responses from the attester. The questionnaire hierarchy contains the questionnaire, the groups, the questions, and the answers.
A rule that defines a condition and a course of action that is to be taken when an asset is imported into the system. A set of actions is executed when the imported asset satisfies the specified set of conditions.
The asset values that are used to create a gold standard. See also gold standard.
The standard whose values are modified according to the values existing in the reference asset.
A collection of the policies that define an organization's compliance with a governmental rule or regulation. Compliance is mandatory and is imposed by an outside body.
A report definition that is used by CCS for generating a report. The user can make a copy of a predefined template to create a new customized template.
The database that stores the evaluation data. The DPS reporter uses the stored evaluation data.
The time period for retaining the evidence data in the evidence database.
The time frame during which the data owner must complete the entitlement approval process.
A check's risk level that is calculated by computing the total Confidentiality, Integrity, Availability, and Vulnerability settings.
An asset's risk level that is calculated by computing the total Confidentiality, Integrity, Availability, and Vulnerability settings.
The percentage value of 0 to 100 for an asset that is calculated by computing the total Confidentiality, Integrity, and Availability settings. Risk scores are used to compute the severity of a failure of a particular check for a given asset.
A data collector that retrieves data from a bv-Control installation.
A designation that is based on a collection of predefined tasks that defines what a user is able to do in CCS.
A collection of subsections and checks. Sections are used to organize the checks and the subsections into logical groups.
A set of assets assigned to one or more Data Processing Services (DPS). Assigning sites to a DPS facilitates load balancing, data collection, data evaluation, and reporting from the assets that are assigned to a site.
A collection of sections that contain checks and subsections. Assets are evaluated against a standard to provide a compliance score.
An attribute that can be attached to an item such as an asset, policy, group, standard, evaluation result, query, or query result. The user can then search by such items as "My SOX assets." The tag is sometimes referred to as a label.
A specific action such as Create a policy or Run an evaluation that the user performs. A collection of predefined tasks defines a role.
An analysis that shows information about an organization's frameworks, regulations, and policies and helps organizations to determine the extent of their policy compliance.
A collection of checks that can be run by a user to verify compliance with industry security and configuration best practices for various operating systems and applications.
A type of reconciliation rule that is applied on the imported assets to update their properties with the values of the current assets that are newly imported.