IBM BigFix Compliance Analytics Setup Guide Version 1.9 IBM

Note: Before using this information and the product it supports, read the information in “Notices” on page 19.

This edition applies to version 9, release 5, modification level 0 of IBM BigFix and to all subsequent releases and modifications until otherwise indicated in new editions.

© Copyright IBM Corporation 2012, 2017. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Chapter 1. Introduction
  System Requirements
  Setup Considerations

Chapter 2. Installing Security and Compliance Analytics
  Download IBM BigFix Analytics
  Running the installer
  Upgrading
  Migrating keystores
  Performing initial set up and configuration
  Configure HTTPS
  Configuring LDAP

Appendix. Support

Notices
  Trademarks
  Terms and conditions for product documentation

Chapter 1. Introduction

IBM® BigFix Compliance Analytics (previously known as Security and Compliance Analytics or SCA) is a component of IBM BigFix Compliance, which includes vulnerability detection libraries and technical controls and tools based on industry best practices and standards for endpoint and server security configuration (SCM checklists). The vulnerability detection libraries and the technical controls enable continuous, automated detection and remediation of security configuration issues.

BigFix Compliance Analytics provides report views and tools for managing the vulnerability of SCM checks.

BigFix Compliance Analytics generates the following reports, which can be filtered, sorted, grouped, customized, or exported using any set of BigFix properties:
  • Overviews of Compliance Status, Vulnerabilities and History
  • Checklists: Compliance Status and History
  • Checks: Compliance Status, Values, and History
  • Vulnerabilities: Rollup Status and History
  • Vulnerability Results: Detailed Status
  • Computers: Compliance Status, Values, Vulnerabilities, and History
  • Computer Groups: Compliance Status, Vulnerabilities, and History
  • Exceptions: Management, Status, and History

New features

The following features and enhancements are included in BigFix Compliance version 1.9.
  • Policy feature, which is a collection of checklists for PCI users that allows for aggregation and rollups across multiple checklists. For more information, see the IBM BigFix Compliance Payment Card Industry (PCI) Add-on User's Guide.
  • Receive e-mail notifications for failed imports and when unexpected changes to target reports occur (which includes disparity in expected number of rows and when the number of rows are updated on a saved report).
  • Lines with lengthy content entries are wrapped on the Grid Report View and on PDF grid reports.
  • Use of BigFix Compliance and BigFix Inventory on the same server without any session key conflicts.
  • Improved viewing - The Overview page does not display the Vulnerability Overview if there is no report about vulnerability.
  • Upgrade to Ruby on Rails version 4.2
  • Update of IBM JRE to 8.0.4.2.
  • Support of upgrades from earlier versions of Compliance.

System Requirements

Set up your deployment according to the system requirements to successfully deploy BigFix Compliance Analytics.

Configure your BigFix Compliance Analytics deployment according to the following requirements:

Table 1. Supported components and system requirements to deploy BigFix Compliance Analytics

Supported browser versions:
  • Internet Explorer versions 10.0, 11.0
  • Firefox 31 and later versions
  • Firefox Extended Support Release (ESR) versions 24 and 31
  • Google Chrome 35.0 and later versions

Supported IBM BigFix component versions:
  • Console versions 9.0, 9.1, 9.2, 9.5
  • Web Reports versions 9.0, 9.1, 9.2, 9.5
  • Windows Client versions 9.0, 9.1, 9.2, 9.5
  • UNIX Client versions 9.0, 9.1, 9.2, 9.5

SCA server operating system requirements:
  • Microsoft Windows Server 2008 (64-bit only)
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows 2012 R2
  • Microsoft Windows Server 2016
  Note: BigFix Compliance Analytics supports operating systems with the 64-bit versions only.

SCA database server requirements:
  • Microsoft SQL Server 2008 R2
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2014

SCA server: You must have Administrator privileges on the target SCA server.

SCA database: You must have dbcreator permissions on the target SCA database server.

IBM BigFix database user permissions: IBM BigFix database user permissions

SCM mastheads and Fixlet sites:
  • You might have earlier BigFix Fixlets, IBM BigFix Fixlets, and custom Fixlets for security compliance in your deployment. These Fixlets continue to function correctly, but only certain Fixlets display within the SCA reports.
  • To view the current list of SCM content sites that are supported with SCA, see the technote What SCM content is available for TEM?.

IBM BigFix DB2 database permissions: You must have data administration authority (DATAACCESS) to perform the following tasks:
  • Access to create objects
  • Access to data within an IBM BigFix DB2 database

IBM BigFix database permissions for datasources: You must have the following MSSQL and DB2 permissions to perform tasks related to datasource.

  MSSQL
  Note: MSSQL requires dbcreator permissions at a minimum. The following permission requirements are required for the datasource related tasks.
    • SELECT, EXECUTE
    • During set up or when upgrading: CREATE SCHEMA, CREATE TABLE, CREATE VIEW, CREATE FUNCTION

  DB2
    • DATAACCESS
    • During set up or when upgrading: DBADM

Server API credentials for PCI DSS policy sites users: Using the PCI DSS policy sites requires providing additional BigFix API user credentials for each datasource that uses PCI. Users must have master operator credentials or must meet the following minimum requirements:
  • Can use REST API
  • Have reader permission for the PCI DSS Reporting site

Setup Considerations

During setup, match your optimum deployment size to your hardware specifications. Use the suggestions as general guidance to set up BigFix Compliance Analytics.

Consider the requirements of the following servers when you are calculating the data sizing for SCA.
  • BigFix Compliance Analytics database server
  • BigFix Compliance Analytics application server

Although you can install the BigFix Compliance Analytics server on the same computer as your SQL Server, doing so might affect the performance of the BigFix Compliance Analytics application. Carefully manage the SQL Server memory and, if necessary, use a dedicated SQL Server computer.

BigFix Compliance Analytics database server

The size of the BigFix Compliance Analytics database server depends on the following factors.
  • The number of computers

  • The amount of content that is subscribed onto these computers
  • The number of imports that are run

You can add more disk space for future growth of endpoints and more security compliance checks.

  • CPU and memory considerations
    A minimum of 2 to 3 GHz CPU with 4 GB RAM is sufficient for hosting a BigFix Compliance Analytics database server. The database server would gather analytics data for several hundred BigFix clients. The requirements scale with the number of computers and compliance checks.
    It is suggested that you add more RAM for the SQL Server as the deployment environment scales up.
    BigFix Compliance Analytics runs on a 64-bit environment with 64-bit JVM. The maximum JVM memory limit is 2 GB physical memory space.
    Use the following suggested sizing matrix for your deployment environment.

    Table 2. Suggested sizing matrix for SCA deployment environments

    Deployment Size (Number of computers)   Data Size                                   CPU             Memory
    1 - 500                                 0 - 15 GB                                   quad core       8 GB
    500 - 5,000                             15 - 25 GB                                  quad core       8 GB
    5,000 - 30,000                          25 - 60 GB                                  quad core       16 GB
    30,000 - 100,000                        60 - 165 GB                                 quad core       32 GB
    100,000+                                165 GB + 1.5 GB for every 1,000 endpoints   2 x quad core   64 GB+

    Note: The sizing matrix does not include the database log size. For BigFix Compliance Analytics 1.6, the log size generally requires the same size as the database size.

  • Disk space considerations and assumptions
    An example deployment size of 30,000 BigFix Clients that are subscribed to SCM contents must take into account the following disk space considerations and assumptions:
    - 60 GB of free disk space is needed by the BigFix Compliance Analytics database server with 30,000 BigFix Clients.
    - Add 1.5 GB free disk space for the SCA database server for every 1,000 more clients.
    - The disk space suggestions are based on the following assumptions:
      - Your deployment environment has an average of 2,000 SCM checks and 200 SCM checks per computer
      - 2% check result change over each import (daily)
      - 5% of the checks have associated exceptions that are managed in BigFix Compliance Analytics
      - 1% of the measured value change over each import (daily)
      - All measured value analyses for all checks are activated
      - Your deployment contains one year of archived compliance data (365 imports)

Note: Disk space size is affected by the sum of the following key elements:

(Number of check results and their compliance change over time) + (Number of vulnerability results and their compliance change over time) + (Number of measured values change over time) + (Computer Group * Checks * Number of imports over time) + (Number of exceptions + Number of Measured Values)

BigFix Compliance Analytics application server
  • A minimum of 3 GB of free disk space is needed by the SCA Server. 10 GB of free disk space can be sufficient for up to 250,000 computers.
  • A 2 to 3 GHz quad-core CPU with 8 GB RAM free memory space is needed to support 30,000 computers.

It is suggested that you have at least 1 GB of available memory space to facilitate PDF generation tasks. Each PDF generation task runs as a separate process and each process takes as much as 150 MB of memory space.

Firewall considerations
  • The BigFix Compliance application uses IBM Java to run on top of IBM WebSphere Liberty. The service launches prunsrv.exe, a packaged executable file. By default, the protocol encryption layer and port options are set to TLS 1.0 on port 9081, but you can configure the options during the initial set up.
  • You can configure the connection for the report mailing feature. The application must be able to contact the mail server.
  • The PDF export functionality uses pdf.exe, an external executable file that is packaged with the application. This executable file does not make any outside connections.

Chapter 2. Installing Security and Compliance Analytics

Before installing Security and Compliance Analytics, ensure that your system meets all prerequisites as described in System Requirements.

Install and configure IBM BigFix Analytics by completing the following steps:
  • Install by using the InstallAnywhere installer.
  • Perform initial configuration by using the web interface.

Upgrading from an earlier version requires updating the data schema as well. To do this, the operator must access the Security and Compliance Analytics web interface from the server hosting Security and Compliance Analytics. Click Upgrade Schema.

Note: It is strongly recommended, especially in big environments, to first perform an upgrade in the test environment. To do this, back up your production database, restore it on the test server, and perform the upgrade there. If it is successful, perform the upgrade on the production server.

Download IBM BigFix Analytics

To download BigFix Compliance Analytics, perform the following steps:
1. In the IBM BigFix console, add the SCM Reporting masthead.
2. In the Security Configuration domain in the console, open the Configuration Management navigation tree. Click the IBM BigFix Compliance 1.9 First-time Install Fixlet under the IBM BigFix Compliance Install/Upgrade menu tree item.
3. Take the associated action and follow the installation steps in the description of the Fixlet.

Running the installer

Follow these steps to install BigFix Compliance Analytics.

Procedure
1. Run the installer executable file. When you are prompted, extract the installer file to a folder.
2. Run tema-windows-x86_64.exe from within the folder to begin the installation.
3. You can change the installation path and port during installation.
   a. Installation path

   b. TCP port

   Note: BigFix Compliance Analytics uses HTTPS by default from version 1.6 and later.

4. Specify the user account that runs the IBM BigFix Analytics service. If you configure IBM BigFix Analytics to connect to the SQL Server through a user that is authenticated through Windows, the IBM BigFix Analytics service must be configured to run as that same user.

5. When the installation is completed, use the web interface to complete the setup of the IBM BigFix Analytics server.
6. The final window of the installer prompts you to launch a web browser to complete the setup. Click Done.

The BigFix Compliance Analytics web server may take a while to fully load. Allow time for the server to initialize. While the server is loading or during the database configuration, you might receive a message stating Not Found. This is expected. The page automatically reloads when it is ready.

Upgrading

Before you begin

Updating from an earlier version requires updating the data schema as well. The operator must access the BigFix Compliance Analytics web interface from the server hosting BigFix Compliance Analytics. Click Upgrade Schema.

Note: Before you start the upgrade process, it is strongly recommended that you perform server and database back-up.

About this task

When upgrading from earlier versions of BigFix Compliance Analytics, the installer replaces the previously supplied server certificate and private key pair with a new self-signed certificate and key pair.

Note: BigFix Compliance version 1.5.78 is the minimum version required to upgrade to BigFix Compliance 1.8 and BigFix Compliance 1.9. Refer to the following table for the upgrade steps required for the different BigFix Compliance Analytics version.

Table 3. Upgrade steps for BigFix Compliance Analytics versions

If you're in version    Follow these upgrade steps:
1.5.78 or earlier       1. Upgrade to version 1.5.78
                        2. Upgrade to version 1.7 or 1.8
                        3. Upgrade to version 1.9
1.6.139 or earlier      Upgrade to 1.7 or 1.8, then upgrade to 1.9

BigFix Compliance Analytics 1.6 and later uses IBM WebSphere. Earlier versions use Jetty as an application server.

To upgrade from earlier versions of BigFix Compliance Analytics, you must configure your SSL certificate settings again. To apply the settings again, go to Management > Server Settings when installation is completed.

Procedure
1. Click Replace in the Certificate section.
2. Click Browse... and select your server certificate and private key.
3. Enter the private key password.

4. Click Save and restart BigFix Compliance Analytics. If the original certificate and key pair are difficult to get or are unavailable, follow the steps in Migrating Keystores.

Migrating keystores

Follow these steps to migrate keystores in BigFix Compliance Analytics. A keystore is a database file that stores security certificates, such as authorization or public key certificates.

About this task

The BigFix Compliance Analytics installer will save the following files for your reference under <TEMA_ROOT>\wlp\usr\servers\server1\resources\security\.
  • Under <TEMA_ROOT>\wlp\usr\servers\server1\resources\security\, a copy of your original keystore file
  • Under <TEMA_ROOT>\wlp\usr\servers\server1\config\
    - A copy of your original jetty.xml file
    - The keystore password in deobfuscated_password file

Migrating keystores requires the following:
  • Java Runtime Environment (installed in <TEMA_ROOT>\jre\bin\)
  • The original keystore file
  • The deobfuscated_password file
  • Command prompt (Windows) with appropriate PATH set

Procedure
1. Convert the keystore from JKS to PKCS12 format.

   Table 4. Example command line of converting the keystore format from JKS to PKCS12

   Reference:
   • Input file: keystore
   • Output file: keystore.p12
   • <password_string>: The password string saved in the deobfuscated_password file
   • key_pass: The new password of your choice for keystore.p12. The password must be a minimum of 6 characters.

2. Convert the PKCS12 format keystore into PEM format certificate and key using OpenSSL.

   Table 5. Example command line of converting the keystore format from PKCS12 to PEM

   Command line example:
   > openssl pkcs12 -in keystore.p12 -out keystore.pem

   Reference:
   • Input file: keystore.p12
   • Output file: keystore.pem

   You will be prompted to enter the following passwords:
   • Password (Import password) for keystore.p12
   • New password of your choice for the private key. The password must be a minimum of 4 characters.

3. Open the PEM encoded certificate and key (keystore.pem). Save it as certificate and a private key file.
   a. The file keystore.pem contains both the certificate and private key in sections.
   b. Copy then save the following section as server.crt.

      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----

   c. Copy then save the following section as server.key.

      -----BEGIN RSA PRIVATE KEY-----
      ...
      -----END RSA PRIVATE KEY-----

4. Go to Management > Server Settings. Apply the following in BigFix Compliance Analytics.
   • certificate (server.crt)
   • key pair (server.key)
   • password (PEM pass phrase entered in Step 2.)
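
Step 3 can be scripted instead of copied by hand. The following is an added example, not part of the IBM guide: it splits keystore.pem into server.crt and server.key, dropping the "Bag Attributes" text that openssl writes between sections and accepting the PKCS#8 key labels that newer OpenSSL releases emit. The function names and the sample input are assumptions for illustration, and the sample PEM bodies are constructed placeholders.

```python
"""Split the keystore.pem from step 2 into server.crt and server.key (step 3).

Added example, not IBM code. Step 1 is assumed done with standard keytool options:
  keytool -importkeystore -srckeystore keystore -srcstoretype JKS
          -destkeystore keystore.p12 -deststoretype PKCS12
keytool then prompts for both passwords, which keeps them off the command line.
"""
import os
import re
import tempfile

# One PEM block: BEGIN line, optional RFC 1421 headers plus base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n"
    r"(?P<body>.*?)"
    r"-----END (?P=label)-----",
    re.DOTALL,
)
# The guide shows "RSA PRIVATE KEY"; newer OpenSSL releases write PKCS#8 labels.
KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

# Constructed sample in the layout `openssl pkcs12 -in ... -out keystore.pem` writes.
# The base64 bodies are placeholders, not real certificate or key material.
SAMPLE_KEYSTORE_PEM = """\
Bag Attributes
    friendlyName: example
    localKeyID: 01 02 03 04
subject=/CN=sca.example.com
issuer=/CN=sca.example.com
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItQ0VSVA==
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: example
    localKeyID: 01 02 03 04
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

UExBQ0VIT0xERVItS0VZ
-----END RSA PRIVATE KEY-----
"""


def split_keystore_pem(text):
    """Return (certs, keys); "Bag Attributes" text between blocks is dropped."""
    certs, keys = [], []
    for match in PEM_BLOCK.finditer(text):
        block = match.group(0).replace("\r\n", "\n") + "\n"
        label = match.group("label")
        if label == "CERTIFICATE":
            certs.append(block)
        elif label in KEY_LABELS:
            keys.append((label, block))
    return certs, keys


def key_is_encrypted(label, block):
    """PKCS#8 encrypted key, or traditional key carrying a Proc-Type header."""
    return label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in block


def write_server_files(pem_text, out_dir):
    """Write server.crt and server.key into out_dir; return a summary dict."""
    certs, keys = split_keystore_pem(pem_text)
    if not certs:
        raise ValueError("no CERTIFICATE section found")
    if len(keys) != 1:
        raise ValueError("expected exactly one private key, found %d" % len(keys))
    label, key_block = keys[0]
    with open(os.path.join(out_dir, "server.crt"), "w", newline="\n") as fh:
        fh.write("".join(certs))  # keep chain certificates, in file order
    # Create the key file owner read/write only (mode is mostly ignored on Windows).
    fd = os.open(os.path.join(out_dir, "server.key"),
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="\n") as fh:
        fh.write(key_block)
    return {"certificates": len(certs), "key_label": label,
            "key_encrypted": key_is_encrypted(label, key_block)}


def demo():
    """Run the split on the constructed sample inside a temporary directory."""
    with tempfile.TemporaryDirectory() as out_dir:
        summary = write_server_files(SAMPLE_KEYSTORE_PEM, out_dir)
        with open(os.path.join(out_dir, "server.key")) as fh:
            summary["key_first_line"] = fh.readline().strip()
    return summary


if __name__ == "__main__":
    print(demo())
```

When key_encrypted is True, the pass phrase chosen in step 2 is the password to enter in step 4.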

Performing initial set up and configuration

To set up the database connection, perform the following steps:
1. Enter the host and database name fields.
2. Select a type of authentication.
3. Click Create to create a new administrative user.
4. In the next screen, enter a username and password for the new administrator account. Click Create.

5. Connect to your IBM Enterprise Manager database. Enter the host, database name, and authentication method for your primary IBM BigFix database. Click Create.
6. Configure the connection to the BigFix server. The host name or IP address and the server API Port number are automatically retrieved from the database. Specify only the administrative user that you created during the installation of BigFix.

The advanced policy functionality is currently used only for PCI content. To enable the advanced policy functionality, you must provide the credentials for a BigFix console operator. It is recommended that this is a master operator, but at the minimum, the console operator must meet the following permissions:
  • Can use REST API
  • Have reader permission for the PCI DSS Reporting site

If you do not use this feature, you may leave these fields blank.

You can also set up a Web Reports database in the fields on the right side of the window.

Configure HTTPS

IBM BigFix Compliance Analytics administrators can configure SSL and the TCP ports from the Management > Server Settings section of the web interface. When turning on SSL, you can provide a pre-existing private key and certificate or have the system automatically generate a certificate. If you change the port or SSL settings, you must restart the service for the changes to take effect.

If you generate a certificate, you must specify a certificate subject common name. The common name must correspond to the DNS name of the IBM Endpoint Manager Analytics server.

If you provide a pre-existing private key and certificate, they must be PEM-encoded. If your private key is protected with a password, you must enter it in the Private key password field.

Configuring LDAP

IBM BigFix for BigFix Compliance Analytics 1.9 supports authentication through the Lightweight Directory Access Protocol (LDAP) server. You can add LDAP associations to IBM BigFix Analytics so you and other users can log in using credentials based on your existing authentication scheme.

For more information about LDAP and user provisioning, see the Compliance User Guide.

Notices

This information was developed for products and services offered in the US. This material might be available from IBM in other languages. However, you may be required to own a copy of the product or product version in that language in order to access it.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America

For license inquiries regarding double-byte character set (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
US

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

The performance data discussed herein is presented as derived under specific operating conditions. Actual results may vary.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject to change before the products described become available.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to actual people or business enterprises is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,

20 IBM BigFix: Compliance Analytics Setup Guide

Page 27: IBM BigFix: Compliance Analytics Setup Guide · SCM mastheads and Fixlet sites v Y ou might have earlier BigFix Fixlets, IBM BigFix Fixlets, and custom Fixlets for security compliance

modify, and distribute these sample programs in any form without payment toIBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have notbeen thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. The sampleprograms are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.

© (your company name) (year).
Portions of this code are derived from IBM Corp. Sample Programs.
© Copyright IBM Corp. _enter the year or years_.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of The Minister for the Cabinet Office, and is registered in the U.S. Patent and Trademark Office.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom.

Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.


Terms and conditions for product documentation

Permissions for the use of these publications are granted subject to the following terms and conditions.

Applicability

These terms and conditions are in addition to any terms of use for the IBM website.

Personal use

You may reproduce these publications for your personal, noncommercial use provided that all proprietary notices are preserved. You may not distribute, display or make derivative work of these publications, or any portion thereof, without the express consent of IBM.

Commercial use

You may reproduce, distribute and display these publications solely within your enterprise provided that all proprietary notices are preserved. You may not make derivative works of these publications, or reproduce, distribute or display these publications or any portion thereof outside your enterprise, without the express consent of IBM.

Rights

Except as expressly granted in this permission, no other permissions, licenses or rights are granted, either express or implied, to the publications or any information, data, software or other intellectual property contained therein.

IBM reserves the right to withdraw the permissions granted herein whenever, in its discretion, the use of the publications is detrimental to its interest or, as determined by IBM, the above instructions are not being properly followed.

You may not download, export or re-export this information except in full compliance with all applicable laws and regulations, including all United States export laws and regulations.

IBM MAKES NO GUARANTEE ABOUT THE CONTENT OF THESE PUBLICATIONS. THE PUBLICATIONS ARE PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.


IBM®

Printed in USA