Many challenges exist in administrating a network of computing systems (“nodes”), particularly networks with hundreds, thousands, or more nodes. Complicating network management further is the potentially large variance in node operating systems, hardware configurations, software configurations, networking configurations, and the like. For instance, two nodes in the same network can include different versions of the same program, different programs, different hot fixes, and different operating systems. As used herein, a node's hardware configuration, operating system configuration, software configuration, network configuration, and other properties or characteristics is referred to collectively as a “node configuration” or simply “configuration”. To provide a consistent standard for monitoring, maintaining, and configuring individual nodes within the network, a network administrator may devise one or more network node policies to govern the configuration of nodes within the network. The policies may include specific requirements relating to the configuration and operation of each node in the network. Assessing the vulnerability of such a network to attack can be inefficient or impractical. Accordingly, there is a need for a system to measure and manage the vulnerability of the network to attack.