1. Field of the Invention
The present invention relates generally to applying computer standards. More specifically, the present invention relates to a computer implemented method, apparatus, and computer usable program code for applying compliance standards to a computer within a grouping hierarchy.
2. Description of the Related Art
Compliance is defined as being in accordance with established guidelines, specifications, or legislation or the process of becoming so. Software, for example, may be developed in compliance with specifications created by some standards body, such as the Institute of Electrical and Electronics Engineers (IEEE) and may be distributed in compliance with the vendor's licensing agreement.
Most companies today have some level of defined internal policies for information technology security, but many have insufficient mechanisms to measure compliance and enforce those policies. Existing compliance software enables a company to define a standard based on the operating system, applications, and vulnerabilities present on a particular host, quantify the business risk associated with that host, and then measure other hosts against that standard. Targets may then be set for continuous improvement, enabling greater security at lower costs.
Thus, most compliance products today ensure the compliance by reporting the compliance issues by either comparing with preset regulations or by comparing with a compliant golden standard. Using an existing solution to enforce the security and software compliance for all computers in the data center may be a difficult and complicated task. Due to the large number of computers, their different properties, and complicated usage cases, a different array of compliance check rules need to be applied to different sets of computers. Some computers fall into several compliance check sets and must meet different sets of compliance check rules. Thus, it is very difficult to define rules for all of the different systems.