Skip to main content
All CollectionsCompliance automation
Compliance readiness checklist
Compliance readiness checklist
Updated over 8 months ago

In this article, we guide you on how to check the compliance status of your devices and apply compliance policies to them using Swif. Here are the benchmarks (followed by the CIS benchmark) Swif applies to:

  1. Security patches auto-applied

    1. Requirement: Check if the software update policy has been deployed to the device and the device is enforced to update to the last OS version

  2. Screensaver lock required

    1. Requirement: Check if the screen saver policy has been deployed to the device and the password is asked when waking up from the screensaver.

  3. Hard disk encryption

    1. Requirement: Check if FileVault or Bitlocker policy has deployed to the device and the encrypted disk is enforced

  4. Password policy

    1. Requirement: Check if Password policy has deployed to the device with these settings

      1. Eight (8) or more characters, one upper case, one number

  • Note, you can always adjust the settings of each policy to meet your requirements.

Let's dive into the exploration of the new compliance checklist UI with this guide. This tool provides a swift and straightforward way to perform compliance readiness checks for specific devices.

Begin by hovering over the compliance status to view the existing compliance measures and those that need application.

Checking Compliance Status

Step 1: Hover over the compliance status.

Image

This action displays the current compliance status of the device.

Step 2: Click on the compliance status.

Image

This action opens the compliance panel on the right, allowing for a review of the requirements for macOS or Windows devices.

Compliance Requirements for macOS and Windows Devices

For macOS devices, requirements include the CIS benchmark policies. Windows devices require BitLocker to be enabled as well as the Windows password policy.

Step 1: Review the requirements for macOS devices.

Image

Step 2: For an uninstalled policy, click Apply policy to apply to a device. (P.S. We recommend using the Device group to automate the policies deployment.)

Image

Step 3: Select the corresponding device to enable compliance readiness. After this, click save.

Image

The applied compliance policy on the device is now visible. Repeat this process for any remaining incomplete compliance measures.

Step 4: Apply the remaining policies.

Image

Enabling device encryption may take some time. Wait for the agent to enable the FileVault encryption on the device before checking the device compliance readiness again. The macOS password policy can also be applied to the device.

After a while, the device encryption will be enabled and the device security compliance will be ready.

Step 5: Check the device compliance readiness.

Image

The device is now compliant.

Compliance Checklist for Windows Devices

The same checklist applies to Windows devices. Check this in the security tabs of the detailed device page. Apply any missing policies to make the device compliant. Once all necessary policies are installed on the device, it will be compliant.

For Windows devices, the BitLocker policy must be turned on and the screen server with the power policy needs to be installed. Once all necessary compliances are satisfied, the device is fully compliant.

This guide concludes on how to check device compliance readiness. Refer to this guide as needed.

Did this answer your question?