Create a New Audit File + Policy

To create a new audit file and policy as a security manager user:

1. Under Scans, navigate to Audit Files and add the CAS Implementation Group 1 audit file.

2. In the Name field, enter a name.

3. Fill out the compliance questions with the answers as described in CAS Implementation Group 1 Audit Questions.

   Note: The audit questions have two parts. The first part requires a Yes or No. The second part requires a location. If the answer to the first question is is No then the answer to the second question should be “None”. Every audit question that is answered “Yes” will pass, while every “No” will fail.

4. Under Scans, navigate to Policies and add a Policy Compliance Auditing policy.

5. Add the audit file that was created above, under Compliance.

   

After the policy is created the active scan can be created. Keep in mind, the target should match or be within the IP range that was input when creating the repository and scan zone.