About Compliance Assessments and Controls
Compliance auditing begins in the Administration module with the configuration of FireMon Objects, which are then used to create assessments and controls.
An assessment is a set of controls you assign to a device or device group that notifies you when a change occurs in the device or device group. Instead of running an audit on each device or device group, assessments allow you to proactively monitor device trends. You can assign one or more assessments to a device group. Once your assessment is assigned, Security Manager monitors the status of assigned devices against that assessment.
A control is a safeguard or countermeasure to detect, avoid, counteract, or minimize network device risks. Controls can help locate and reduce overall security compliance risks by proactively detecting and detailing potential rule-based weaknesses and faulty device configurations.
Items of note about assessments and controls:
- You can set up email notifications to alert you when there is a change to a device or device group.
- A FireMon Best Practices Assessment is included in the Administration application, as well as a library of preconfigured controls. When you activate SIP, those controls will immediately begin monitoring the All Devices device group.
- You can import and export controls to and from a domain's control library, and add a control from the control library to an assessment.
- When you delete a control, Security Manager checks whether the control is part of any assessments. If it is, Security Manager will alert you before deleting the control.
- With assessment management, you can configure your environment by assigning one or more assessments to a device or device group. Once assigned, the system will continually monitor the status of assigned devices against those assessments, each of which is a set of controls containing rule-based values. The data captured is then reflected in Security Manager on the Assessments Results page.
- From the Assessments Results page in Security Manager, you can evaluate the assessment and determine whether to take action on a group or device. Instead of running an audit, you can use assessments for persistent monitoring and trending of devices. Allowlisting is also important to the process because it allows you to remove acceptable failures from the results set, at least for a period of time, to produce accurate and usable results viewable within the dashboard.
Permission Requirements
A user will need to be a member of a user group with the following minimum permissions granted:
- Module
  - Administration
  - Security Manager
- Administration: Assessments and Controls