Remediating configuration settings

The PCI DSS checklists for AIX 6, AIX 7, Red Hat Enterprise Linux (RHEL) 5, RHEL 6, RHEL 7, Solaris 10, Solaris 11, Windows 2008, Windows 2012, Windows 7, Windows 10, Windows Embedded POSReady 7, and Windows Embedded Standard 7 support remediation. Console operators can resolve a vulnerability issue with a single action. A remediation action can only be taken on an endpoint where the Fixlet is relevant.

About this task

You can audit, assess, and remediate configuration settings using Security and Compliance Analytics (SCA), which is now known as BigFix Compliance Analytics. For Fixlet checks that can be automatically remediated, an action is displayed in the relevant Fixlet. You can take a remediation action only on the relevant and selected endpoints.
Note: Not all Fixlets have a remediation action.
Note: When the external global policy is enabled, any changes to the local endpoint is overwritten. In such case, the remediation action must be run using the external global policy solution.


  1. From the Security Configuration Domain, go to All Security Configuration > Fixlets and Tasks.
  2. Expand the sub-folders to search for the Fixlet you want to enable.
  3. In the Fixlet window, click the Description tab and scroll down to the Actions box.
  4. Click in the Actions box link to remediate the specified policy issue.
    Figure 1. Check containing an action for remediation
    Check containing an action for remediation
  5. Set your parameters in the Take Action dialog and click OK.