Home
Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
Configuration Management for Console User Guide
Configuration management (SCM) is used to manage security configuration of devices using checklists which includes creating custom checklists, customize individual checks, synchronizing, deploying checklists to devices.
Using checks and checklists
Taking a remediation action

Configuration Management (SCM)
BigFix Compliance Configuration Management (SCM) includes configurable content that is checks and checklists, which assess and manages the devices to ensure compliance standards are met.
- Configuration Management for Console User Guide
  Configuration management (SCM) is used to manage security configuration of devices using checklists which includes creating custom checklists, customize individual checks, synchronizing, deploying checklists to devices.
  - Setting up Configuration Management
    Follow these steps to set up your Configuration Management deployment.
  - Using checks and checklists
    - Check Fixlets
    - Modifying check parameters
    - Activating Measured Value Analyses
      Click the Analyses subnode within a checklist to find measured value analyses.
    - Creating and Managing Custom Checklists
    - Using the Synchronize Custom Checks wizard
    - Taking a remediation action
  - Configuring Windows checklists
  - Configuring UNIX checklists
    You can configure checklists for the superseded and non-superseded UNIX content.
  - Importing SCAP content
  - Configuration Management Reporting
    In previous releases, the primary reporting tools for the Configuration Management solution included the Configuration Management dashboard, Exception Management dashboard, and Web Reports.
  - Frequently asked questions
- Security Configuration Management for WebUI User Guide
  Security Configuration Management (SCM) App in WebUI continuously assess and manages the device for security misconfiguration and deviation, which enables operator to deploy remediation action to ensure the device meets compliance standards.

Taking a remediation action

Many Fixlet controls have built-in Actions to remediate an issue. To start the remediation process, click the link in the Actions box.

The Take Action dialog opens, where you can target the computers that you want to remediate. For more information about the Take Action dialog, see the BigFix Console Operator’s Guide.

A remediation action typically sets a value in a file or in the Windows registry. Most UNIX remediations run the runme.sh file for the appropriate check. This action applies the recommended value shipped with the product or the customized parameter you set according to your own corporate policy.

After you have targeted a set of endpoints, click OK and enter your Private Key Password to send the action to the appropriate endpoints. While the actions are run on the endpoints and the setting is remediated, you can watch the progress of the actions in the console.

When every endpoint in a deployment is brought into compliance, the check Fixlet is no longer relevant and is removed from the list of relevant Fixlets. Although the Fixlets are no longer listed, they continue checking for computers that deviate from the specified level of compliance. To view them, click the "Show Non-Relevant Content" tab at the top of the console window.