AnsweredAssumed Answered

Policy Compliance Exceptions & Grouping

Question asked by Brandon Black on Aug 9, 2018

Is there a way to apply an exception to a specific policy check across the entire policy. So that not only would it apply to all of the current machines running the policy, but it would apply to any new devices that are run against the policy in the future.


I understand that it is possible to make edits to a policy to remove certain checks, however I see a benefit in running the locked-CIS policies and have checks report as Passing, Failures and Exceptions against the policy. It would also provide more of a benefit with approval of the exception as it should only be one exception that needs to be approved, and not one exception for each device the policy is checked against.


Thank You.