A custom profile is a benchmark profile that you customize to fit your organization's internally defined standards. You can base a custom profile on an existing benchmark and profile combination, and then specify which rules to apply.
For example, assume that your Center for Internet Security (CIS) Benchmark includes a rule that prohibits users from reusing any of the last 24 passwords that they specified. However, your organization enforces a stricter password policy. In this case, you could create a custom profile that enforces all other benchmark rules but excludes the CIS password rule. In this way, you would achieve more realistic compliance scores.
Custom profiles are typically created for long-term use. During an audit, you can note that a custom profile is applied to meet your organization's requirements.
Create a custom profile
Create a custom profile based on an existing benchmark.
- Navigate to Custom profiles.
- Click Create custom profile.
- Select a Benchmark and Profile.
- Deselect rules in the profile that you do not want to scan and click Next.
- Enter the name of the profile and, optionally, a description.
Click Save custom profile.
Your custom profile appears as an option when you assign the associated benchmark to a node.
Delete a custom profile
When a custom profile is no longer necessary, you can delete the profile.
- In the Custom profiles table, select one or more profiles to delete.
- In the Actions drop-down menu, select Delete selected.
- When you are prompted to confirm the choice, click Delete.
Previously run scan reports will continue to show results that reflect the custom profile. However, the custom profile appears in red and will be flagged with a warning triangle. The hover help will indicate that the custom profile no longer exists.