Compliance Sheriff

An Introduction to HiSoftware Compliance Sheriff

Version 4.2

HiSoftware Compliance Sheriff is an application suite of auditing and compliance tools.  It allows your organization to implement governance policies around unstructured content in a shared environment, based on the current standards outlined by HIPAA, FISMA, COPPA, Section 508, Section 208, WCAG 1.0, WCAG 2.0, and other commonly observed U.S. and international standards. In addition to these published standards, you can create custom sets of rules to suit your organization’s unique policies and requirements. Compliance Sheriff scans your content against these rule sets, and displays the results in easily understood reports that reveal why content has passed or failed.

 

Note: This document is compiled from HiSoftware Compliance Sheriff User’s Guide and Universal Design Center, California State University, Northridge documentation

Scans

A scan is a collection of checkpoints that will be executed on the pages of a website. Once a scan has been run, you can use the scan results to create views and reports. Scans allow you to run multi-level checks on your site for compliance issues. They can be scheduled by site users with valid permissions. Multi-level checks scan certain levels down into the website, beginning from the start page.

Example of a 2-level scan:

 

Home page → is located at the level 0

Pages associated to every link within the Home page → are located at the level 1

Pages associated to every link within the pages at level 1 → are located at the level 2

 

When you click on the Scans tab, a list of all the scans you've created will appear on the screen.  The page defaults to the Scans sub-tab, but you can click the Groups sub-tab to see a list of all your scan groups.  You can also select a scan group from the Scan Group pull-down menu in the upper right. You can create a new scan by clicking New, or delete a scan by checking the appropriate box and clicking Delete.  If you click Toggle Filter, text boxes will appear at the top of each column, and you can enter specific values into these boxes to filter your list.  Check Disable auto-update if you don't want the page to refresh while you're selecting a range of scans.

 

Create a New Scan

To create a new scan, you must enter a Base URL and select at least one checkpoint group.

1.   Click on the Scans tab, then click on the Scans sub-tab.

2.   Click on the New button.

3.   In the Display Name field, type a name for the scan. You can use long descriptive names.

4.   In the Base URL field, type the full path name of the site to be scanned.

5.   By default, subgroups are not listed in the table. Put a check in the “Show subgroups” box to show all available subgroups in the list.

6.   In the Checkpoint groups table on the right, select the Checkpoint groups or/and Subgroups to be used by the scan, then click on the Add button.  You must select at least one checkpoint group.  (A subgroup is any checkpoint group that is contained by another checkpoint group.)

7.   If you would like the scan to begin from a specific site page, enter the address of this page in the Start page field.

8.    Click on the Save button.

 

Note: The option provided for testing additional file formats which is to check PDF and WORD documents, is not functioning at this time.

Edit a Scan

1.   Click on the Scans tab, then click on the Scans sub-tab.

2.   Locate the scan you wish to edit, and click on its name.

3.   Modify the scan properties as needed.  To remove a checkpoint group, look for the checkpoint group's name in the left-side Checkpoint groups field, click in the box next to it, then click on the Remove button.

4.   Click on the Save button.

 

If you use the Save as new button to create a new Scan, you must change the Display name first

Delete a Scan

1.   Click on the Scans tab, then click on the Scans sub-tab.

2.   If the scan you wish to delete is running, stop it first, using the Stop button on the far right.

3.   Select the check box next to the scan's name.

  You can select more than one scan to delete at a time.

  To select or de-select all scans, you can double-click on the header cell of the check box column, located at the top left.

4.  Click on the Delete button.

5.  A confirmation dialog box will appear.  Select OK to confirm deletion.

 

Any results that may have existed for the scan will be permanently deleted.

If you elect to delete a scan that has a view associated to it, a confirmation box will appear: "One or more views refer to the scan(s) you are deleting, and may not continue to function correctly." Choose OK to delete, or Cancel to abort.

Run a Scan

1.   Click on the Scans tab, then click on the Scans sub-tab.

2.   Find the scan you wish to execute and click on the Run button, located at the far right of the row. Run launches the scan immediately.  If the scan is marked as "local" in the Base URL column, it will run on your own machine. This option requires theHiSoftware Toolbar.

3.   The status will change to "Running."

Scans can also be started automatically by setting up a  Schedule.

Stop a Scan

1.   Click on the Scans tab, then click on the Scans sub-tab.

2.   Check that the scan status  shows as Running.

3.   Click on the associated Stop button  to stop  the scan.  The Stop button  is located in the same place as the Run button, at the far right of the row.

View Scan Results

1. After a scan has been run, click on the Scans tab, then click on the Scans sub-tab.

2. Click More in the row corresponding to your scan.   The More link is located in the far-right column.

3. Additional fields will appear beneath the row. To view a scan result, click Show Results.

4. The properties for a view will be displayed. If you have previously specified a view, the view properties will be remembered.  (For more information on view properties and how to manage them, please consult the  Views section of this document.)

  The view will only show the results of the current scan.

5. Click Save to save the results and view properties of this scan.  To cancel, click on the Cancel

button.

Schedule Scans

A scan can be scheduled to run at predetermined intervals. Multiple schedules can be defined for a scan. If a scan has no schedule defined the text "schedule" will be displayed in the schedule column. If there are one or more schedules defined the date and time of the next run will be displayed.

Schedule a Scan

1.   Click on the Scans tab, then click on the Scans sub-tab.

2.   Locate the Scheduled column (on the far right).

3.   In the corresponding row, click on the text: It will either appear as "schedule" (meaning no schedule has been created yet), or it will show the date and time of the next scheduled run (meaning a schedule has already been created).

4.   Click on the Add button to define a schedule.

5.   Select the Schedule properties you require.

6.   Click on the Save button.

7.   When you return to the scans list, you will see the date and time of the next scheduled run.

If a scan is scheduled to run more than once per day, but the first run has not completed by the time the next run is scheduled to begin, then this next run will be skipped.

 

Example:

Schedules: Daily at 3:00pm, 3:30pm and 4:00pm.

If the scan takes 70 minutes to run, then there will be only 1 scan result per day.

 

Schedules use the time zone defined in the User preferences under Settings. The default time is based on the locale set on the server hosting HiSoftware Compliance Sheriff.  Hence, if a user in a different time zone wants to set a schedule on the actual date/time defined for the server, the time difference should be taken in consideration.

 

Edit a Scan Schedule

1.   Click on the Scans tab, then click on the Scans sub-tab.

2.   Click on the current schedule defined for the scan under the Scheduled column.

3.   You can edit the current Schedule properties defined: click Add to set another schedule for the scan, or click on the Remove link to remove a schedule.

4.   Click Add to define a new schedule.

5.   If you want to revert to a manual process, all schedules defined must be removed.

6.   Click Save.

7.   On returning to the scans list, you will see the date and time of the next scheduled run, as defined by the schedule you created.

 

Delete a Scan Schedule

1.   Click on the Scans tab, then click on the Scans sub-tab.

2.   Click on the current schedule defined for the scan under the Scheduled column.

3.   Click on the Remove link in the far right column.

4.   Click Save.

5.   A confirmation dialog box will appear.  Click on OK to confirm deletion.

 

Views

A view is a presentation of data from the results database.  A view may contain a graphical chart, a textual summary, or table of results.

 

When you click the Views tab, a list of the views you have created will appear, along with the date they were last modified.  To see what a view looks like, click the preview icon in the appropriate row (the icon is a small magnifying glass).  Similarly, you can also generate a report from any view.  If you have created a long list of views, use the Search field to find the view you're looking for.

All dates and times displayed use the time zone specified in the user’s preferences.

Create a View

1.   Click the Views tab.

2.   Click New.

3.   In the Name field, enter a name for the view.

4.   In the Show results for field, you will see three options:  scans, scan groups, or monitors.

Choose which category you want the view to show results for.

5.   If you selected scans in Step 4, a Scans menu will appear in the field below.  From this field, choose which scan or scans you would like to be associated with the view (you can select multiple items from each scroll-down menu by holding the CTRL button).  If you selected scan groups on monitors, the process is the same.  If you have already run the scan(s), scan group, or monitor(s) associated with this view, a preview of the view will appear in the preview pane as you make your selections.  ClickDisable auto-update if you don't want the preview pane to reload each time you make a change.  If you choose this option, you can use the Update button to refresh the preview.

6.   In the Checkpoint Groups field (or Checkpoints field, if you've selected a monitor), select which checkpoint groups should appear in the view.  (PLEASE NOTE: You can open or close each field on this page by clicking the arrow buttons in the upper right of each field.)

7.   In the Pages field, you can select the specific URLs that the view will display results for.

8.   Modify the Chart,  Summary, and Table fields as desired.

9.   Click the Save button.

“Save as new” View

Saving a new view with a new name does not provide different or updated content compare to the content of the previous view.

Although multiple views can be created for different user groups, the very first view, which was created the very first time, retrieves information and gets updated every time a scan is run. Saving a new view would not save the current scan result to be retrieved later. Each time a scan is run all the views associated with the scan will be updated to the new scan result.

The comparison data from different scans will be available via the only view saved for the associated scan. 

Delete a View

1.   Click on the Views tab.

2.   Find the View you wish to delete and click in the checkbox to the left of its name, in the first column of the table.

3.   Click on the Delete button.

4.   A confirmation dialog box will appear.  Select "OK" to confirm deletion.

If a View is being used in the Dashboard a different confirmation will appear: "One or more user dashboards refer to the View(s) you are deleting, and may not continue to function correctly." Choose OK to Delete, or Cancel to abort.

You can select more than one view to delete at a time.

View Properties

 

Name

This is the display name of the view, used in the title bar for tabs or panels on the dashboard, and as the title for any generated reports.

 

Properties for views showing scan results

Scans

From this field, choose which scan or scans you would like to be associated with the view.  You can select multiple scans by holding the CTRL button.  If you have already run the scan(s) associated with this view, a preview of the view will appear in the preview pane as you make your selections.  Click Disable auto-update if you don't want the preview pane to reload each time you make a change.  If you choose this option, you can use the Update button to refresh the preview.

 

Checkpoint Groups

In the Checkpoint Groups field, select which checkpoint groups should appear in the view.  You can select multiple checkpoint groups by holding the CTRL button.

 

By default, the results for all checkpoint groups (as selected in the scan definitions) are included in the view. However, you may choose to report on specific groups.

 

Pages

In the Pages field, you can select specific URLs that the view will display results for.  (PLEASE NOTE: Depending on the scans you've selected, this field may be blank.)

 

Chart

In the Chart field, you can select a type of chart to display the data you have selected.

 

Summary

In the Summary field, you can enable or disable the display of information from the scan summary in your view.  This information can include any (or none) of the following items:

• Date/Time scan started
• Date/Time scan completed
• Number of pages scanned
• Number of checkpoints tested

View Tables

 

Tables for views showing scan results

The following table types are available:

 

Page compliance

The page compliance table shows the individual checkpoint results in an expandable tree, and includes a page count and percentage for each result type (Failed, Warning, Visual, Passed and N/A).

 

By default, the results can be grouped as follows:

• By result value, then page, then checkpoint group, then checkpoint
• By result value, then page, then checkpoint
• By result value, then scan, then page, then checkpoint group, then checkpoint.

You can customize groupings by accessing Table groupings, located in the Settings tab.  Note that the first level of the Page compliance table should always be "Result".

 

Issue identification

The Issue Identification table shows the individual checkpoint results in an expandable tree, with columns for showing the number of failures in each top-level group.

 

By default, the table can be grouped as follows:

• By checkpoint group, then by checkpoint, then page
• By checkpoint group, then priority, then checkpoint, then page
• By scan, then by checkpoint group, then checkpoint, then page
• By scan, then page, then group, then checkpoint
• By checkpoint group, then priority, then page, then checkpoint
• By page, then checkpoint group, then checkpoint.

You can customize groupings by accessing Table groupings, located in the Settings tab.

Access the Show Instances Feature From a View

The show instances feature can be accessed from a view, but the view must be set to table type Issue identification or Occurrences.  To change a view to one of these two table types, follow the instructions below. If you have already created a view with this table type, skip ahead to Step 6.

 

1.   Click on the Views tab.

2.   Click on the name of the View you wish to change.

3.   Click on the gray Table bar to open the Tables pull-down menu.

4.   From the table type pull-down menu, select "Issue identification" or "Occurrences". In the example shown below, "Issue identification" has been selected.

5.   Click on the Save button.

6.   Once the views main page has loaded, click on the preview icon (a magnifying glass) in the row associated with the view you want to examine.

7.   Locate the link associated with the page you want to open in the show instances feature, and click on it.

8. The page will be opened in the show instances feature.

Appendix 1: Scan Levels