Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide

16.18 Judgment policy information file

This file is specified for execution of the judgment policy update command (cscpolimport). Its contents are imported as judgment policy information.

When the judgment policy export command (cscrexport) is executed, an export file is output in the same format as this file.

The judgment policy information file is a text file, and can be created with any file name in any directory.

Organization of this section

(1) Synopsis

(2) Definition contents

(3) Specification example

(1) Synopsis

Each item in the judgment policy information file is specified in a separate section.

Each section has the same syntax. Note the following coding conventions:

The sections in the file and the lines in a section can be specified in any order.

Every line other than the section name line must start with a parameter ID.

Lines beginning with a hash symbol (#) are treated as comments.

Each setting value other than the section name must be enclosed in double quotation marks ("). To omit the value, specify two double quotation marks in succession ("").

To specify a double quotation mark (") in a character string in the definition file, specify two double quotation marks in succession ("").

Use a comma (,) to separate setting values.

End every parameter line with a line feed code. The line feed code is (0x0d0a). Lines containing only a line feed code are ignored.

The following describes the format of each section.

(a) [Policy Information]
  
"Version","version" 
  
(b) [Security updates]
  
"Option","judgment-option" 
"Conditon","judgment-condition" 
"Latest Level","security-level" 
"Exclude Option","exclusion-option" 
"ExpUpProgram","security-information-number","document-number" 
"NeedUpProgram","security-information-number","document-number","target-OS","OS-service-pack","product-code","product-version","product-service-pack","security-level","product-name","comparison-condition" 
"NeedUpServicePackProduct","product-name","product-version","product-service-pack","service-pack-condition","OS-type","OS-service-pack","security-level" 
"NeedUpServicePackOS","OS-type","OS-service-pack","service-pack-condition","security-level" 
  
(c) [Anti-virus products]
  
"Option","judgment-option"
"VirusProduct","anti-virus-product-name","product-version","engine-version","virus-definition-file-version","determine-that-PCs-with-no-resident-anti-virus-products-are-at-risk","security-level" 
  
(d) [Prohibited software]
  
"Option","judgment-option"
"UnjustSoftware","software-name","version","OS-type","security-level","comparison-condition" 
  
(e) [Mandatory software]
  
"Option","judgment-option 
"NeedSoftware","software-name","version","OS-type","security-level","group-name" 
"DMClient","judgment-option","version","security-level" 
"DMSubManager","judgment-option","version","security-level" 
"DMRelayManager","judgment-option","version","security-level" 
  
(f) [PC security settings]
  
"Option","judgment-option" 
"PCSecurity","group-name","group-judgment-option","item-name","item-judgment-option","judgment-condition","comparison-value","security-level","treatment-if-item-is-not-applicable" 
  
(g) [User definition]
  
"Option","judgment-option" 
"UserDefJudge","judgemnt-item-name","class","property","comparison-condition","comparison-value","treatment-when-value-is-not-set-for-property","security-level" 
  

(2) Definition contents

Note the following when specifying information in the definition.

Sections other than the [Policy Information] section can be omitted. If a section is omitted, the judgment items corresponding to that section will not be updated.

If you omit optional items and import the definition to the judgment policy, the information for those items that is registered in the judgment policy is deleted.

The following describes the information to be defined for each section.

(a) [Policy Information]

The following table describes the information to be defined in the [Policy Information] section.

Table 16-50 Contents of the [Policy Information] section

No. Parameter ID Item Setting item Required

1 Version Version 090100 Yes

(b) [Security updates]

The [Security updates] section corresponds to the judgment item Security updates.

The following table describes the information to be defined in the [Security updates] section.

Table 16-51 Contents of the [Security updates] section

No. Parameter ID Item Setting value Required

1 Option Judgment option Specify whether security updates are to be judged.
0: Not to be judged
1: To be judged Yes

2 Conditon Judgment condition Specify the judgment condition.
1: Whether the latest security update has been applied to the client is judged.
2: Whether the security update specified by the administrator has been applied to the client is judged. Yes

3 Latest Level Security level Specify as one of the following codes the security level that is set when 1 is specified for the judgment condition and the latest security update has not been applied:
200: Caution
300: Warning
400: Danger Yes

4 Exclude Option Exclusion option Specify whether to exclude a specific program when 1 is specified for the judgment condition.
0: Not excluded
1: Excluded Yes

5 ExpUpProgram Security information number Specify the information to be imported to the security updates that will be excluded. For details about the setting values, see Table 16-10. No

6 document number

7 NeedUpProgram Security information number Specify the information to be imported to the mandatory security updates (patch information).
For details about the setting values, see Table 16-11. No

8 Document number

9 Target OS

10 OS service pack

11 Product code

12 Product version

13 Product service pack

14 Security level

15 Product name

16 Comparison condition

17 NeedUpServicePackProduct Product name Specify the product service pack information to be imported to mandatory security updates (service pack information).
For details about the setting values, see Table 16-12. No

18 Product version

19 Product service pack

20 Service pack condition

21 OS type

22 OS service pack

23 Security level

24 NeedUpServicePackOS OS type Specify the OS service pack information to be imported to mandatory security updates (service pack information).
For details about the setting values, see Table 16-13. No

25 OS service pack

26 Service pack condition

27 Security level

(c) [Anti-virus products]

The [Anti-virus products] section corresponds to the judgment item Anti-virus products.

The following table describes the information to be defined in the [Anti-virus products] section.

Table 16-52 Contents of the [Anti-virus products] section

No. Parameter ID Item Setting value Required

1 Option Judgment option Specify whether anti-virus products are to be judged.
0: Not to be judged
1: To be judged Yes

2 VirusProduct Anti-virus product name Specify the information to be imported to the anti-virus products that will be judged.
For details about the setting values, see Table 16-14. No

3 Product version

4 Engine version

5 Virus definition file version

6 Determine that PCs with no resident anti-virus products are at risk

7 Security level

(d) [Prohibited software]

The [Prohibited software] section corresponds to the judgment item Prohibited software.

The following table describes the information to be defined in the [Prohibited software] section.

Table 16-53 Contents of the [Prohibited software] section

No. Parameter ID Item Setting value Required

1 Option Judgment option Specify whether unauthorized software is to be judged.
0: Not to be judged
1: To be judged Yes

2 UnjustSoftware Software name Specify the information to be imported to the unauthorized software that will be judged.
For details about the setting values, see Table 16-15. No

3 Version

4 OS type

5 Security level

6 Comparison condition

(e) [Mandatory software]

The [Mandatory software] section corresponds to the judgment item Mandatory software.

The following table describes the information to be defined in the [Mandatory software] section.

Table 16-54 Contents of the [Mandatory software] section

No. Parameter ID Item Setting value Required

1 Option Judgment option Specify whether the mandatory software is to be judged.
0: Not to be judged
1: To be judged Yes

2 NeedSoftware Software name Specify the information to be imported to the mandatory software that will be judged.
For details about the setting values, see Table 16-16. No

3 Version

4 OS type

5 Security level

6 Group name

7 DMClient Judgment option Specify whether JP1/Software Distribution Client is to be judged.
0: Not to be judged
1: To be judged Yes

8 Version Specify the version of JP1/Software Distribution Client as a string of 60 or fewer bytes.

9 Security level Specify the security level as one of the following codes:
200: Caution
300: Warning
400: Danger

10 DMSubManager Judgment option Specify whether JP1/Software Distribution SubManager is to be judged.
0: Not to be judged
1: To be judged Yes

11 Version Specify the version of JP1/Software Distribution SubManager, as a string of 60 or fewer bytes.

12 Security level Specify the security level as one of the following codes:
200: Caution
300: Warning
400: Danger

13 DMRelayManager Judgment option Specify whether JP1/Software Distribution Manager (relay manager) is to be judged.
0: Not to be judged
1: To be judged Yes

14 Version Specify the version of JP1/Software Distribution Manager (relay manager) as a string of 60 or fewer bytes.

15 Security level Specify the security level as one of the following codes:
200: Caution
300: Warning
400: Danger

(f) [PC security settings]

The [PC security settings] section corresponds to the judgment item PC security settings.

The following table describes the information to be defined in the [PC security settings] section.

Table 16-55 Contents of the [PC security settings] section

No. Parameter ID Item Setting value Required

1 Option Judgment option Specify whether the PC security settings are to be judged.
0: Not to be judged
1: To be judged Yes

2 PCSecurity Group name^# Specify the group name.
For details about the setting values, see Table 16-56. No

3 Group judgment option Specify whether the specified group is to be judged. If a group containing multiple items is specified for group-name, specify the same value for all items in the group.
0: Not to be judged
1: To be judged

4 Item name^# Specify the judgment item name.
For details about the setting values, see Table16-56.

5 Item judgment option Specify whether the specified judgment item is to be judged. If a group containing only one item is specified for group-name, specify the same value that is specified for group-judgment-option.
0: Not to be judged
1: To be judged

6 Judgment condition^# Specify the judgment condition.
For details about the setting values, see Table 16-56.

7 Comparison value^# Specify the comparison value.
For details about the setting values, see Table 16-56.

8 Security level Specify the security level as one of the following codes:
200: Caution
300: Warning
400: Danger

9 Treatment if item is not applicable Specify the desired behavior if the judgment item does not exist. You can specify one of the following values:
1: The specified security level is set.
2: Judged Safe.
3: Judged Not applicable.
4: Judged Unknown.

#

The following shows details of the setting values and the corresponding item names in the PC security settings.

Table 16-56 Details of the setting values in the [PC security settings] section

No. Corresponding item name Setting values in the [PC security settings] section

Group name Item name Judgment condition Comparison value

1 Guest account settings Accounts Guest account settings 1: Guest account exists and is enabled.
2: Guest exists. --

2 Vulnerable password Passwords Vulnerable password -- --

3 Password that never expires Password that never expires -- --

4 Days since the password was updated Days since the password was updated -- 1 to 1000

5 Automatic logon Logon Automatic logon settings -- --

6 Power-on password Power-on password settings 1: Power-on password is not set.
2: Power-on password is not set or is not installed. --

7 Shared folder settings Shares Shared folder settings -- --

8 Restrictions on anonymous connections Anonymous connections Anonymous connections are restricted -- --

9 Status of unnecessary services Services Unnecessary services are running -- --

10 Windows firewall settings Firewall Windows Firewall Settings 1: The Windows firewall is disabled.
2: The Windows firewall is disabled or allows exceptions. --

11 Windows automatic update settings Automatic updates Settings for Windows automatic updates -- --

12 Screensaver settings Screensaver Screensaver settings -- --

13 Password protection Password protection of screensaver -- --

14 Drive encryption by BitLocker Drive Encryption BitLocker Drive Encryption 1: The system drive is not encrypted.
2: A drive is not encrypted. --

Legend:

--: No setting

(g) [User definition]

The [User definition] section corresponds to the judgment item User definition.

The following table describes the information to be defined in the [User definition] section.

Table 16-57 Contents of the [User definition] section

No. Parameter ID Item Setting value Required

1 Option Judgment option Specify whether user definitions are to be judged.
0: Not to be judged
1: To be judged Yes

2 UserDefJudge Judgment item name Specify the information to be imported to the user definition that will be judged. For details about the setting values, see Table 16-17. No

3 Class

4 Property

5 Comparison condition

6 Comparison value

7 Treatment when value is not set for property

8 Security level

No.	Parameter ID	Item	Setting item	Required
1	Version	Version	090100	Yes

No.	Parameter ID	Item	Setting value	Required
1	Option	Judgment option	Specify whether security updates are to be judged. 0: Not to be judged 1: To be judged	Yes
2	Conditon	Judgment condition	Specify the judgment condition. 1: Whether the latest security update has been applied to the client is judged. 2: Whether the security update specified by the administrator has been applied to the client is judged.	Yes
3	Latest Level	Security level	Specify as one of the following codes the security level that is set when 1 is specified for the judgment condition and the latest security update has not been applied: 200: Caution 300: Warning 400: Danger	Yes
4	Exclude Option	Exclusion option	Specify whether to exclude a specific program when 1 is specified for the judgment condition. 0: Not excluded 1: Excluded	Yes
5	ExpUpProgram	Security information number	Specify the information to be imported to the security updates that will be excluded. For details about the setting values, see Table 16-10.	No
6	document number
7	NeedUpProgram	Security information number	Specify the information to be imported to the mandatory security updates (patch information). For details about the setting values, see Table 16-11.	No
8	Document number
9	Target OS
10	OS service pack
11	Product code
12	Product version
13	Product service pack
14	Security level
15	Product name
16	Comparison condition
17	NeedUpServicePackProduct	Product name	Specify the product service pack information to be imported to mandatory security updates (service pack information). For details about the setting values, see Table 16-12.	No
18	Product version
19	Product service pack
20	Service pack condition
21	OS type
22	OS service pack
23	Security level
24	NeedUpServicePackOS	OS type	Specify the OS service pack information to be imported to mandatory security updates (service pack information). For details about the setting values, see Table 16-13.	No
25	OS service pack
26	Service pack condition
27	Security level

No.	Parameter ID	Item	Setting value	Required
1	Option	Judgment option	Specify whether anti-virus products are to be judged. 0: Not to be judged 1: To be judged	Yes
2	VirusProduct	Anti-virus product name	Specify the information to be imported to the anti-virus products that will be judged. For details about the setting values, see Table 16-14.	No
3	Product version
4	Engine version
5	Virus definition file version
6	Determine that PCs with no resident anti-virus products are at risk
7	Security level

No.	Parameter ID	Item	Setting value	Required
1	Option	Judgment option	Specify whether unauthorized software is to be judged. 0: Not to be judged 1: To be judged	Yes
2	UnjustSoftware	Software name	Specify the information to be imported to the unauthorized software that will be judged. For details about the setting values, see Table 16-15.	No
3	Version
4	OS type
5	Security level
6	Comparison condition

No.	Parameter ID	Item	Setting value	Required
1	Option	Judgment option	Specify whether the mandatory software is to be judged. 0: Not to be judged 1: To be judged	Yes
2	NeedSoftware	Software name	Specify the information to be imported to the mandatory software that will be judged. For details about the setting values, see Table 16-16.	No
3	Version
4	OS type
5	Security level
6	Group name
7	DMClient	Judgment option	Specify whether JP1/Software Distribution Client is to be judged. 0: Not to be judged 1: To be judged	Yes
8	Version	Specify the version of JP1/Software Distribution Client as a string of 60 or fewer bytes.
9	Security level	Specify the security level as one of the following codes: 200: Caution 300: Warning 400: Danger
10	DMSubManager	Judgment option	Specify whether JP1/Software Distribution SubManager is to be judged. 0: Not to be judged 1: To be judged	Yes
11	Version	Specify the version of JP1/Software Distribution SubManager, as a string of 60 or fewer bytes.
12	Security level	Specify the security level as one of the following codes: 200: Caution 300: Warning 400: Danger
13	DMRelayManager	Judgment option	Specify whether JP1/Software Distribution Manager (relay manager) is to be judged. 0: Not to be judged 1: To be judged	Yes
14	Version	Specify the version of JP1/Software Distribution Manager (relay manager) as a string of 60 or fewer bytes.
15	Security level	Specify the security level as one of the following codes: 200: Caution 300: Warning 400: Danger

No.	Parameter ID	Item	Setting value	Required
1	Option	Judgment option	Specify whether the PC security settings are to be judged. 0: Not to be judged 1: To be judged	Yes
2	PCSecurity	Group name^#	Specify the group name. For details about the setting values, see Table 16-56.	No
3	Group judgment option	Specify whether the specified group is to be judged. If a group containing multiple items is specified for group-name, specify the same value for all items in the group. 0: Not to be judged 1: To be judged
4	Item name^#	Specify the judgment item name. For details about the setting values, see Table16-56.
5	Item judgment option	Specify whether the specified judgment item is to be judged. If a group containing only one item is specified for group-name, specify the same value that is specified for group-judgment-option. 0: Not to be judged 1: To be judged
6	Judgment condition^#	Specify the judgment condition. For details about the setting values, see Table 16-56.
7	Comparison value^#	Specify the comparison value. For details about the setting values, see Table 16-56.
8	Security level	Specify the security level as one of the following codes: 200: Caution 300: Warning 400: Danger
9	Treatment if item is not applicable	Specify the desired behavior if the judgment item does not exist. You can specify one of the following values: 1: The specified security level is set. 2: Judged Safe. 3: Judged Not applicable. 4: Judged Unknown.

No.	Corresponding item name	Setting values in the [PC security settings] section
Group name	Item name	Judgment condition	Comparison value
1	Guest account settings	Accounts	Guest account settings	1: Guest account exists and is enabled. 2: Guest exists.	--
2	Vulnerable password	Passwords	Vulnerable password	--	--
3	Password that never expires	Password that never expires	--	--
4	Days since the password was updated	Days since the password was updated	--	1 to 1000
5	Automatic logon	Logon	Automatic logon settings	--	--
6	Power-on password	Power-on password settings	1: Power-on password is not set. 2: Power-on password is not set or is not installed.	--
7	Shared folder settings	Shares	Shared folder settings	--	--
8	Restrictions on anonymous connections	Anonymous connections	Anonymous connections are restricted	--	--
9	Status of unnecessary services	Services	Unnecessary services are running	--	--
10	Windows firewall settings	Firewall	Windows Firewall Settings	1: The Windows firewall is disabled. 2: The Windows firewall is disabled or allows exceptions.	--
11	Windows automatic update settings	Automatic updates	Settings for Windows automatic updates	--	--
12	Screensaver settings	Screensaver	Screensaver settings	--	--
13	Password protection	Password protection of screensaver	--	--
14	Drive encryption by BitLocker	Drive Encryption	BitLocker Drive Encryption	1: The system drive is not encrypted. 2: A drive is not encrypted.	--

No.	Parameter ID	Item	Setting value	Required
1	Option	Judgment option	Specify whether user definitions are to be judged. 0: Not to be judged 1: To be judged	Yes
2	UserDefJudge	Judgment item name	Specify the information to be imported to the user definition that will be judged. For details about the setting values, see Table 16-17.	No
3	Class
4	Property
5	Comparison condition
6	Comparison value
7	Treatment when value is not set for property
8	Security level

(3) Specification example

  
[Policy Information] 
"Version","090100" 
[Security updates] 
"Option","1" 
"Conditon","2" 
"Latest Level","300" 
"Exclude Option","0" 
"ExpUpProgram","09-032","923854" 
"ExpUpProgram","09-033","923855" 
"NeedUpProgram","09-040","998765","0000","0","0","","0","300","","" 
"NeedUpProgram","09-050","998855","0039","0","1","7.0","0","300","","" 
"NeedUpProgram","09-060","999855","0028","1","99","2003","0","300","SoftA","3" 
"NeedUpServicePackOS","0014","2","1","200" 
"NeedUpServicePackOS","0028","1","0","400" 
"NeedUpServicePackProduct","1","6.0","1","0","0000","0","300" 
[Anti-virus products] 
"Option","1" 
"VirusProduct","AntiVirus A","10.2.1.5","5.2.3.001","20100215.001","1","400" 
"VirusProduct","AntiVirus B","","","","0","300" 
[Prohibited software] 
"Option","1"
"UnjustSoftware","SoftA","","0000","200","2" 
"UnjustSoftware","SoftB","0100","0200","300","1" 
[Mandatory software] 
"Option","0" 
"NeedSoftware","""SoftC""","""""","0000","200","SoftC" 
"NeedSoftware","""SoftD"",""SoftE""","""0100"",""0200""","0017","200","SoftDE" 
"DMClient","1","0910,"200" 
"DMSubManager","0","","200" 
"DMRelayManager","0","","200" 
[PC security settings] 
"Option","1"
"PCSecurity","Accounts","1","Guest account settings","1","1","","200","3" 
"PCSecurity","Passwords","1","Vulnerable password","0","","","300","1" 
"PCSecurity","Passwords","1","Password that never expires","0","","","300","3" 
"PCSecurity","Passwords","1","Days since the password was updated","0","","180","200","4" 
"PCSecurity","Logon","0","Automatic logon settings","0","","","200","3" 
"PCSecurity","Logon","0","Power-on password settings","0","1","","200","3" 
"PCSecurity","Shares","0","Shared folder settings","0","","","200","3" 
"PCSecurity","Firewall","0","Windows Firewall Settings","0","1","","200","3" 
"PCSecurity","Automatic updates","0","Settings for Windows automatic updates","0","","","200","3" 
"PCSecurity","Screensaver","0","Screensaver settings","0","","","200","3" 
"PCSecurity","Screensaver","0","Password protection of screensaver","0","","","200","3" 
"PCSecurity","Drive Encryption","1","BitLocker Drive Encryption","1","2","","400","2" 
[User definition] 
"Option","1" 
"UserDefJudge","ItemA","""asset-information""","""asset-number""","""1""","""100000001""","""4""","200" 
"UserDefJudge","ItemB","""asset-information"",""hardware-asset-information ""","""device-status"",""free-disk-space""","""2"",""7""","""100"",""100000""","""1"",""4""","200"

[Contents][Back][Next]

[Trademarks]

All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated