Allowed Services

The Allowed Services control is meant to evaluate. Only the services defined in the Allowed Services list are allowed to pass between the selected source and destination zones. If a rule is found to allow a service between these zones that is not defined in this list, the rule will be returned as a failure for this control.
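The pass/fail logic described above can be modelled as follows. This is an added example, not the product's own code; the rule dictionary layout, the `proto/port` service notation, exact zone-name matching and all sample names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    proto: str  # "tcp", "udp" or "any"
    lo: int     # first port
    hi: int     # last port (inclusive)

def parse_service(text):
    """Parse 'tcp/443', 'udp/5000-5100' or 'any' (notation assumed for this example)."""
    if text == "any":
        return Service("any", 0, 65535)
    proto, _, ports = text.partition("/")
    lo, _, hi = ports.partition("-")
    return Service(proto, int(lo), int(hi or lo))

def is_allowed(svc, allowed):
    """True only if every port of svc falls inside the union of allowed entries."""
    cursor = svc.lo
    usable = [a for a in allowed if a.proto in ("any", svc.proto)]
    for a in sorted(usable, key=lambda a: a.lo):
        if a.lo > cursor:
            break  # gap: port `cursor` is not in the allowed list
        cursor = max(cursor, a.hi + 1)
    return cursor > svc.hi

def evaluate_control(rules, src_zone, dst_zone, allowed_services):
    """Return [(rule name, [services outside the allowed list])] for failing rules."""
    allowed = [parse_service(s) for s in allowed_services]
    failures = []
    for rule in rules:
        in_scope = (rule["action"] == "allow"
                    and rule["src"] == src_zone and rule["dst"] == dst_zone)
        if not in_scope:
            continue
        extra = [s for s in rule["services"] if not is_allowed(parse_service(s), allowed)]
        if extra:
            failures.append((rule["name"], extra))
    return failures

# Constructed sample policy; zone, rule and service names are illustrative.
RULES = [
    {"name": "web-in", "action": "allow", "src": "Internet", "dst": "DMZ", "services": ["tcp/443"]},
    {"name": "legacy", "action": "allow", "src": "Internet", "dst": "DMZ", "services": ["tcp/80-81", "tcp/23"]},
    {"name": "wide-open", "action": "allow", "src": "Internet", "dst": "DMZ", "services": ["any"]},
    {"name": "db", "action": "allow", "src": "DMZ", "dst": "Internal", "services": ["tcp/1433"]},
    {"name": "block-smb", "action": "deny", "src": "Internet", "dst": "DMZ", "services": ["tcp/445"]},
]
ALLOWED = ["tcp/443", "tcp/80", "tcp/81"]
```

A rule that permits `any`, or a port range only partly covered by the list, fails in the same way as a rule naming a single unlisted service.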

The Allowed Services controls are used in all of the preloaded assessments, including PCI. Therefore, the SCI scores will be unreliable until you configure your compliance zones and service groups.

To create a new allowed services control, complete the following steps.

  1. On the toolbar, click Compliance > Controls.
  2. Click Create.
  3. Select Allowed Services.
  4. In the General Control Properties, complete the following fields common to all control types:
    • Name: type a unique name for the control.
    • Severity: select the risk level (0-9) associated with this control.
    • Tags: optional; tag words can be used as an additional search filter. Separate tag words with a space, not a comma.
    • Description: optional; type a description of what the control will be used for.
  5. Complete the Allowed Services Control Properties section.
    • In the Source Zone field, select a compliance zone.
    • In the Destination Zone field, select a compliance zone.
    • In the Allowed Services field, select a service or service group.
    • Select the Use Device Zone Names check box to search for rules based on the device zone name instead of the default derived address space.
  6. In the Evaluation section of Control Properties, select the Information Only check box if executions of the control that do not meet the required criteria should not be recorded as failures.
  7. In the Policy Optimizer section of Control Properties, if you have purchased a Policy Optimizer license, select the Send Failed Rules to Policy Optimizer check box.
  8. In the Device Test Conditions section of Control Properties, select the Type, Vendor, and Product.
  9. In the Reporting Properties section, enter text for Pass and Fail results, and any Instructions for remediation.
  10. Click Save.