1. Introduction
2. Installation
3. RPM Installation
4. Container Installation
5. Upgrades
6. Running Sicura Console
7. Configuration - Accounts
8. Configuration - Database
9. Configuration - Collector
10. Configuration - Security
11. Configuration - Plugins
12. Sidebar - Administration
13. Sidebar - Infrastructure
14. Sidebar - Reports
15. Commands
16. Known Issues
17. How To - Enforce compliance
18. How To - Compliance profile tailoring and customization

Profile Customization

Sicura allows users to export subsets of policies in order to customize what is (or is not) enforced out of any given baseline policy.

Step 1: Choose a Subset of Rules

First go to the Infrastructure > Nodes page via the sidebar navigation and select a node with scan results in the baseline policy (i.e. CIS Server Level 2).

• Select the profile you want to use as the baseline from the Profile drop-down at the top of the page
• Set the results per page at the bottom of the page to all
• Select a subset of rules to export by checking the boxes to the left of the rule name
• Click Export custom profile in the navigation menu on the bottom of the screen

For example:

Step 2: Enforce the Custom Policy

Once the rules have been exported, you will have a custom policy created in YAML to be used by the SIMP Compliance Engine. For example:

---
compliance_markup::compliance_map:
  version: 2.0.0
  profiles:
    simp_console_enforcement:
      ces:
        oval:simp.disa.V-204625:def:1: true
        oval:simp.disa.V-204617:def:1: true
        oval:simp.disa.V-204616:def:1: true
        oval:simp.disa.V-204615:def:1: true
        oval:simp.disa.V-204614:def:1: true
        oval:simp.disa.V-204613:def:1: true
compliance_markup::enforcement:
- simp_console_enforcement

This policy can be used for continuous enforcement via Puppet by following the documentation here. If you plan to export multiple custom profiles for use with SIMP Compliance Engine, you will need to change the profile name from simp_console_enforcement to a unique name.