Use published assessments to apprise internal or external auditors of your security status and settings. A published assessment represents the review phase of your audit process. Published assessments typically contain the required security checks and an accurate security status for your audited instances, as well as any explanation notes regarding known violations or discrepancies.
When you publish an assessment, it is automatically set to the published mode. IDERA SQL Secure begins tracking each subsequent change applied to the assessment. Use the Change Log tab to review this activity.
Use the published mode to create and maintain a historical electronic trail of change activity, ensuring you can validate and document when, how, and why changes were made.
Approve a published assessment
Approving an assessment lets you safely archive your assessment for future reference. An approved assessment proves you are in compliance with specific corporate and government regulations, and have successfully completed an audit. For each subsequent audit, you can start (save) a new assessment using the approved assessment as a template.
Approve an assessment when the internal or external audit team has "signed off" on your assessment and it is ready to be archived. Approved assessments accurately represent your security status at a specific point in time and no longer require changes.
Actions and Tasks for Published Assessments
The following options are available in the ribbon menu options of the Summary tab of your published assessment.
Edit or View Assessment Settings
Allows you to edit or view the configuration settings for the published assessment, such as the security checks the assessment performs. Any changes performed to the assessment settings will be recorded in the change log.
If your SQL Secure login does not have administrator permissions , you can only view assessment settings.
Refresh Audit Data
Allows you to re-run this assessment using different audit data (up to a specific point in time). Each time you refresh the audit data, SQL Secure registers the action in the Change Log.
Approve
Allows you to approve this assessment. Approving an assessment lets you safely archive a final version of this assessment, preserving your findings and explanation notes. When an assessment is approved, SQL Secure locks the assessment, preventing you from changing or deleting the assessment settings as well as the associated audit data. However, you can manually add or remove notes about an approved assessment by editing the Notes field on the Assessment Properties window. You can also continue to use the Change Log tab to review activity that previously occurred on this assessment.
Save as New Assessment
Allows you to create a new assessment that uses the same settings and audit data as the selected published assessment. When you save a new assessment, SQL Secure lists the assessment in the Draft Assessment folder under the associated policy in the Policies tree.
Compare Assessments
Allows you to compare the findings and settings of the published assessment against another saved assessment or the original policy. You can compare different types of assessments (draft, published, or approved). When you compare this assessment against the original policy from which it was saved, you can identify changes that have occurred since the assessment had been saved.
Remove from Assessment
Removes the selected SQL Server instance from the assessment. This option is available when you have selected a registered instance from the Servers in Policy tree.
Remove Assessment
Permanently deletes the selected assessment from the SQL Secure Repository.