New compliance status for a compliance rule

Idea ID 2762019

New compliance status for a compliance rule

Based on our understanding of Compliance status for configuration rules in MF NA, there are only two status options for rules within a policy, Compliant - Yes or No. 

Based on rule definition and criteria's selected there is a possibility of 3rd status like "Not Applicable" where rule condition is not matching and we can't decide on the compliance based on available information and logic applied. However in current scenario all those not applicable scenarios are also reported as "compliant". 

Our request is to make this new status available so as to have an accurate compliance reporing.

Just to give more information let us see the below example: 

We have a policy where we are checking software version on the routers.

Our requirement is as follows:
Rule 1 - if router model is X then Software on that device should be "12.2.x".  

Rule 2 - if router model is Y then Software on that device should be "13.2.x".  

Rule 3 - if router model is Z then Software on that device should be "14.2.x".  

so we will create 3 different rules with Boolean expression as "if A then B", where A is having model details and B is having version details. 

In the inventory where policy is applied there are combination of routers with different models and all rules within a policy are validated against each router. Currently it will report as Compliant for Rule 1 and Rule 2 even if the router doesn't belong to that model. The router belong to model mentioned in Rule 3 which will give me correct result based on software running on that device.  Ideally for a device it is expected to give compliant/non-compliant status and other rules status should be "Not Applicable".  Thus giving correct information on software compliance level for the device.

Is it something already available or some enhancement in the tool need to happen to introduce this new status? Appreciate if you can look into this scenario on priority and take decision. 

4 Comments
Super Contributor.
Super Contributor.

@AkashDeep  @Brian Kaplan Pls look into this requirement.

Micro Focus Expert
Micro Focus Expert
Status changed to: Needs Clarification

Dear @Sanjeev_A 

I just wanted to understand as to why can't policy/ rules can be created for specific device families and applied to groups that contain devices from those families.

Super Contributor.
Super Contributor.

@AkashDeep  The validations are based on version for specific model of routers and switches which all fall under same device family as "Cisco IOS".  There is no rule condition called device type that is available today.  

In other scenarios when we are checking for if conditions the current limitation is just if-then-else logic can be built which will give compliance and non-compliance. However when we have multiple choice options that needs to be checked then as nested if's are not supported the controls are broken into multiple rules each for one condition with boolean expression as if A then B. In such scenarios even if condition A is matched then it gives accurate results but if condition is not matched then it will report it as compliant. This is wrong result. Same is the case when we have block definitions are checks are done within block, if bock is not found in configuration it will still report it as compliant. 

So my thinking was to introduce a status as NA when conditions are not met and boolean expression are having single if then logic and we can't use else because there are other additional multiple choices that needs to be validate in else-if logic which is not supported. 

 

Micro Focus Expert
Micro Focus Expert
Status changed to: Waiting for Votes

The idea has received an initial review to ensure adherence to our idea submission and community guidelines. More information may be needed at this stage, and we expect the community to help prioritize the idea with comments and community support (votes/kudos).

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.