Addigy's Device Compliance features allow you to easily ensure your devices meet your organization's security requirements, making them safe to access your network and corporate resources. Addigy uses the official CIS and NIST rules created and updated by security industry experts.
Looking for official CIS, DISA or NIST compliance for iOS or macOS? Read about how to use Addigy's pre-built benchmarks that we keep in sync with the official spec.
- Next-Gen Conditional Access for Your Apple Devices
- Add Microsoft Conditional Access via Certificate Check
- Add Microsoft Conditional Access via Azure Integration
- Pre-built CIS, DISA and NIST benchmarks
- Cloning and Customizing Pre-built Benchmarks
Compliance benchmarks are selected from the Catalog, where you are used to managing all of the assets in your Addigy environment.
Use pre-built CIS or NIST benchmarks, or clone one of them to use only a subset of rules. You can also create your own additional benchmarks to layer on any company-specific requirements. A Benchmark consists of a bundle of rules you can assign across all or part of your fleet to ensure they meet your security needs.
Each time a device checks in, Addigy runs an audit that includes any benchmark rules assigned and can automatically apply any necessary remediation. You can view a device's compliance status on the Devices page and GoLive.
Let’s go over how you can:
- Create a Custom Rule
- Create a Custom Benchmark
- Apply Benchmarks to devices
- View Compliance results
Note: Addigy Compliance can also be accessed via the Addigy API v2. Contact Addigy Support for access to API v2.
How to create a custom rule
The fundamental piece of the Compliance process is a Rule. Rules are very similar to Alerts: they allow you to set up real-time monitoring on a specific device fact along with automated remediation. For example, you can have a Rule that checks whether FileVault is enabled. Rules are then included in one or more Benchmarks.
Create your first Rule by navigating to Catalog -> Compliance -> Rules.
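One way to evaluate the FileVault state mentioned above on a Mac, shown as an added example that is not Addigy's own rule logic or code from this page. The function name, the `pending` state and the status strings matched are assumptions; confirm the strings against `fdesetup status` output on the macOS versions in your fleet.

```shell
#!/bin/sh
# Added example: classify FileVault state from the text of `fdesetup status`.
# Prints one of: compliant, pending, noncompliant, unknown.
# The matched strings are assumptions about fdesetup's output format.
classify_filevault() {
    status_text=$1
    case $status_text in
        # Order matters: in-progress and deferred states are checked first,
        # because they appear alongside a plain "On."/"Off." first line.
        *"Decryption in progress"*) echo noncompliant ;;  # being turned off
        *"Encryption in progress"*) echo pending ;;       # on, disk not fully encrypted yet
        *"Deferred enablement"*)    echo pending ;;       # enabled at a later login
        *"FileVault is On."*)       echo compliant ;;
        *"FileVault is Off."*)      echo noncompliant ;;
        *)                          echo unknown ;;       # tool missing or format changed
    esac
}

# Succeeds only for a fully encrypted volume; pending and unknown both fail,
# so an unreadable status is never reported as compliant.
is_filevault_compliant() {
    [ "$(classify_filevault "$1")" = compliant ]
}

# Constructed sample output, for running the classifier off-device.
SAMPLE_ENCRYPTING='FileVault is On.
Encryption in progress: Percent completed = 42'
echo "sample (constructed): $(classify_filevault "$SAMPLE_ENCRYPTING")"

# Live check, only where fdesetup exists (macOS).
if command -v fdesetup >/dev/null 2>&1; then
    echo "this device: $(classify_filevault "$(fdesetup status 2>&1)")"
fi
```

Treating `pending` and `unknown` as failures keeps a device out of the compliant set until encryption has actually finished.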
How to create a Benchmark
Benchmarks consist of any number of Rules. They can also be created from the Catalog page, and they are how Rules are grouped. Popular benchmarks such as CIS and NIST are pre-built and maintained by Addigy. Read more about Pre-Built Benchmarks.
To create a custom Benchmark, go to Catalog -> Compliance -> Benchmarks.
Once your benchmark is complete, open the Actions menu to add Rules for the security needs of your organization.
NOTE: Each benchmark has a target OS and min/max versions. Addigy will only run compliance tests on devices that meet the benchmark criteria.
Apply your Benchmark
Now that your benchmark is ready, you can start tracking the compliance of your devices by assigning your benchmark to one or more Policies. Benchmarks can also be added to Flex Policies or your standard Policy Hierarchy.
On the policy view, select Compliance at the bottom of the left navigation bar, select your benchmark from the table, and then press the Add/Remove button. Then deploy the policy. The compliance benchmark will run against your devices on their next check-in (~5 mins).
View Compliance Results
Now that our benchmark is properly applied, let us look at the results. We can view compliance at a high level from the Devices page by adding in the "Compliant" device fact.
You can click on the red/green icons in the Compliant device fact column to get more details on which benchmark is out of compliance and which rules specifically.
Furthermore, you can see the individual status in GoLive.
Addigy Compliance allows you to quickly and easily build bundles of monitoring alerts and remediation to keep your devices as safe as possible, while also providing you clear insight into what may be going wrong when devices are out of compliance. This information can be leveraged to move devices around policies to grant/restrict access to certain software and data.