Working with Security Best Practices

In This Section:

Dependencies

Deactivating Security Best Practices

Running a Manual Scan

Security Best Practices are the basic building blocks for Regulations and Regulatory Requirements. The Compliance Blade uses Security Best Practices to make sure that Security Policy rules comply with Check Point configuration or policy recommendations.

This section shows you how to create, activate and deactivate Security Best Practices for your organization or for specified objects. New and changed Security Best Practices take effect during the next security scan. All Security Best Practices are activated by default.

Dependencies

Some Security Best Practices (parents) are dependent upon the results of other (child) Security Best Practices. When this occurs, the Compliance Blade cannot calculate the compliance level for the parent Security Best Practice unless all child Security Best Practices return a secure result. If a child Security Best Practice is not secure, the parent Security Best Practice shows the result as N/A.

Deactivating Security Best Practices

You can deactivate Security Best Practices globally for the organization or for specified objects (gateways, blades or profiles).

To deactivate a Security Best Practice for the whole organization:

  1. In Compliance > Security Best Practices, clear the Active option for the Security Best Practice.
  2. When prompted, enter an explanation.

    A comment is required to show why it is necessary to stop running this Security Best Practice.

  3. Optional: Define an expiration date.

    If you define an expiration date, the deactivated Security Best Practice is automatically reactivated on that date.

To reactivate a Security Best Practice:

  1. Open Settings > Inactive Objects.

    Deactivated Security Best Practices show in the Inactive Security Best Practices section.

  2. Select a Security Best Practice from the list.
  3. Click Delete.

    (Or select the Active option in the Security Best Practices pane.)

To change the comment or expiration date:

Double-click a Security Best Practice in the Inactive Objects pane.

To deactivate Security Best Practices for specified gateways:

  1. Open Settings > Inactive Objects.
  2. In the Inactive Gateways section, click Add.
  3. Enter or select a gateway or cluster.

The selected gateways show in the Inactive Gateways list.

To remove a gateway from the Inactive Gateways list:

  1. Select the gateway.
  2. Click Remove.
  3. When prompted, click Yes.

To deactivate a Security Best Practice for a specified object:

  1. In Compliance > Security Best Practices, select the Security Best Practice.
  2. In the Relevant Objects section, clear the Active option for the object.

    An object can be a gateway, Policy, profile or other object.

  3. When prompted, enter an explanation.

    A comment is required to show why it is necessary to stop running this Security Best Practice.

  4. Optional: Define an expiration date.

    If you define an expiration date, the deactivated Security Best Practice is automatically reactivated on that date.

To reactivate an object for Security Best Practices:

  1. Open Settings > Inactive Objects.

    The deactivated Security Best Practice is in the Inactive Security Best Practices on Specific Objects section.

  2. Select the Security Best Practice.
  3. Click Delete.

    (Or select the Active option in Security Best Practices > Relevant Objects of the selected Security Best Practice.)

Running a Manual Scan

We recommend that you run a manual scan after:

  • You add objects to your Check Point environment.
  • You make changes to IPS protections. Changes to IPS protections are not automatically updated.
  • You activate or deactivate a Security Best Practice.
  • You add new user-defined Best Practices.
  • You create a new regulation.

To run a manual scan:

  1. Open the Compliance tab.
  2. In the Navigation tree, select Settings.
  3. On the Settings page, click Rescan.

Note: While a scan is running, you cannot work with the Compliance tab.

 
©2014 Check Point Software Technologies Ltd. All rights reserved.