In the previous scenario, the tasks required by control activities are performed manually and the results of those actions are reported manually. For larger organizations and greater numbers of activities, the control activities must be automated. Many of the Management Packs, such as the IT Compliance Management Library Management Pack, allow you to monitor targeted systems for compliance with IT GRC polices using health monitoring systems such as System Center Configuration Manager.

To enable the predefined automated control activities in your program, complete the steps in the following list. Detailed information about each step is provided in the subsections that follow the list.

  1. Import and configure the Desired Configuration Management (DCM) Pack.

  2. Edit an automated control activity in the program.

  3. Activate the automated control activity.

Step 1: Import and Configure the Corresponding Desired Configuration Management Pack

Some IT Compliance Management Libraries have a corresponding Desired Configuration Management Pack for System Center Configuration Manager. The Desired Configuration Management Packs contain automated configuration validation for the control activities in the IT Compliance Management Library Management Pack.

Import and configure the corresponding Desired Configuration Management Pack using the information in the following table and instructions in the “Step 2: Configure System Center Configuration Manager for Baseline Compliance” section in the IT Compliance Management Pack Installation Guide and ITCML_readme file that is included with the IT Compliance Management Library Management Pack.

Information needed

Value

<target_folder>

Fully qualified path to the folder where the IT Compliance Management Library Management Pack is extracted

<management_pack_name>

WS08-ITCompliance-Member-Server.cab

Step 2: Edit an Automated Control Activity in the Program

To enable the automated testing of the predefined control activities, you need to edit the automated control activities that support the control objectives in the new program using the Edit task. By default, all automated control activities that are created from control activity templates have their status set to Pending.

Most control activities require you to configure the owner, the procedure type, if the activity is shared, the classification level, and the classification priority.

Edit an automated control activity of the control objective in the program using the following table and instructions.

Tip
You can use the Filter function to find the automated control activity listed in the following table.

Information needed

Value

<control_activity_title>

Configure Password Attributes

Owner

User account that is to be the owner of the control activity

To edit an existing control activity

  1. Click Start, click All Programs, click Microsoft System Center, click Service Manager 2010, and then click Service Manager Console.

    The System Center Service Manager Console starts.

  2. In the Service Manager Console, in the Navigation pane, click Compliance and Risk Items.

  3. In the Compliance and Risk Items pane, go to the All Compliance and Risk Items/Control Management/Control Activities/All Automated Control Activities location.

  4. In the Results pane, click <control_activity> (where control_activity is the name of the Control Activity that you want to edit).

  5. In the Tasks pane, click Edit.

    The Control Activity property form displays.

  6. In the Control Activity form, modify the configuration based on the requirements for the following tabs, and then click Submit and Close:

    • General

    • Framework

    • Procedure

    • Validation

    • Results

    • Related Items

    • History

    The Results pane in the All Automated Control Activities view or the Active Automated Activities view refreshes to display the list of all control activities in that view.

Step 3: Activate the Automated Control Activity

After you edit the automated control activity for the control objective for the program you created, you are ready to activate the automated control activity.

Activate an automated control activity using the following table and instructions.

Information needed

Value

<control_activity_title>

Configure Password Attributes

To activate a control activity

  1. Click Start, click All Programs, click Microsoft System Center, click Service Manager 2010, and then click Service Manager Console.

    The System Center Service Manager Console starts.

  2. In the Service Manager Console, in the Navigation pane, click Compliance and Risk Items.

  3. In the Compliance and Risk Items pane, go to the All Compliance and Risk Items/Control Management/Control Activities/All Automated Control Activities location.

  4. In the Results pane, click <control_activity> (where control_activity is the name of the control activity that you want to activate).

  5. In the Tasks pane, click Activate Control Activity.

  6. In the Tasks pane, click Refresh.

    The Results pane in the All Automated Control Activities view or the Active Automated Activities view refreshes to display the list of all control activities in that view.

After you activate the automated control activity, the result of the control activity is automatically updated by the Desired Configuration Management Pack in System Center Configuration Manager. After the Desired Configuration Management Pack has assessed the configuration settings of the computers in the scope, the control activity result is updated using the System Center Service Manager connector for System Center Configuration Manager.