Home
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Configuration Management for Console User Guide
Configuration management (SCM) is used to manage security configuration of devices using checklists which includes creating custom checklists, customize individual checks, synchronizing, deploying checklists to devices.
Configuring UNIX checklists
You can configure the checklists for the AIX®, MAC, and Solaris.
Running checklists
The process of running a checklist involves executing tasks like the Environment Setup task or Deploy and Run security checklist. Both tasks are directed towards achieving compliance with regulatory standards such as those established by CIS or DISA.
Understanding the output
With UNIX™ content, endpoint scans are accomplished by a series of UNIX shell scripts that provide greater accessibility to UNIX system administrators.

Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
- Configuration Management for Console User Guide
  Configuration management (SCM) is used to manage security configuration of devices using checklists which includes creating custom checklists, customize individual checks, synchronizing, deploying checklists to devices.
  - Setting up Configuration Management
    Follow these steps to set up your Configuration Management deployment.
  - Using checks and checklists
  - Configuring Windows checklists
  - Configuring UNIX checklists
    You can configure the checklists for the AIX®, MAC, and Solaris.
    - Running checklists
      The process of running a checklist involves executing tasks like the Environment Setup task or Deploy and Run security checklist. Both tasks are directed towards achieving compliance with regulatory standards such as those established by CIS or DISA.
      - Understanding the output
        With UNIX™ content, endpoint scans are accomplished by a series of UNIX shell scripts that provide greater accessibility to UNIX system administrators.
      - Modifying global scan options
        You can control the behavior of the global scan through the pop box on Environment Setup task or Deploy and Run security checklist in Solaris and AIX® checklists.
    - Analyses
    - Using the Create Custom Relevance SCM content wizard
      Follow these steps to incorporate custom checks into an existing SCM custom site.
    - Creating custom UNIX Security Configuration Management content
      Follow these steps to create custom check for UNIX Security Configuration Management.
  - Importing SCAP content
  - Configuration Management Reporting
  - Frequently asked questions
- Security Configuration Management for WebUI User Guide
  Security Configuration Management (SCM) App in WebUI continuously assess and manages the device for security misconfiguration and deviation, which enables operator to deploy remediation action to ensure the device meets compliance standards.

Understanding the output

With UNIX™ content, endpoint scans are accomplished by a series of UNIX™ shell scripts that provide greater accessibility to UNIX™ system administrators.

With most BigFix content, Fixlet® constantly evaluate conditions on each endpoint. The console shows the results when the relevance clause of the Fixlet® evaluates to true or false.

With UNIX™ content, an Environment Setup task or Deploy and Run security checklist initiates a scan of the endpoints, that can run on an ad hoc basis each time when a scan is required. It can also run as a recurring policy from the console.

The endpoint scan is accomplished by a series of UNIX™ shell scripts. While each script runs, it detects a setting or condition. The script writes the information to an output file that is made available to the corresponding Fixlet® check for evaluation. When the results files are written to disk, the Fixlet® read each results file and show the results in the console.

After you run the Environment Setup task or Deploy and Run security checklist, the scripts are in a directory under/var/opt/BESClient/SCM/CIS or DISA/<Project ID>/Scripts or /var/opt/BESClient/__BESData/<Folder for your Site>/SCM/Scripts respectively.