Track Compliance with Security Policies
Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista
One of the greatest advantages of NAP is that it allows you to measure and track compliance with corporate security policies. Tracking something as simple as compliance with antivirus signature updates can provide valuable information that you can use to address potential vulnerabilities on your network. A well-designed NAP reporting structure is associated with benefits that include:
Creation of a dynamic network health profile
Early identification of potential threats
Validation of security methods
Prioritization of security and administrative efforts
Unified access and compliance reporting across different access mediums
Vertical reporting (monthly summary of status for management)
Types of NAP reports
NAP reporting can be customized to meet the needs of your organization. The following are some examples of the types of NAP reports that can be created and the benefits they provide.
Client compliance report
Description: This report will show the number of compliant and noncompliant clients for all enforcement methods on a monthly basis.
Benefit: Provides a summary of the overall health of your network for each month reported.
See the following figure for an example of a NAP client compliance report:
Sample NAP client compliance report
Client non-compliance SHV report
Description: This report will show the number of noncompliant clients for each installed SHV on a monthly basis.
Benefit: Displays which SHVs are reporting the most and the least compliance on your network so that you can troubleshoot or adjust health policies.
See the following figure for an example of a NAP client non-compliance SHV report:
Sample NAP client non-compliance SHV report
Client access report
Description: This report will show the number of clients that were granted full access and restricted access for all enforcement methods on a monthly basis.
Benefit: Can be used to assess the effect of current health policies on access to each area of your network.
See the following figure for an example of a NAP client access report:
Sample NAP client access report
Access trends report
Description: This report will show the number of clients granted full access and restricted access over a specified time period.
Benefit: Displays trends in network access over time that can be used to determine the stability of network health.
See the following figure for an example of a NAP client access trends report:
Sample NAP compliance trends report
The following illustration shows an example of components used for this NAP deployment goal.
Example NAP reporting design
In this example, Microsoft® SQL Server™ Express is installed on the local computer. NPS logs are captured and then forwarded to a central server running SQL Server. For considerations to take into account when developing your NAP reporting infrastructure, see NAP Reporting.