This report provides details about the security parameters that are configured in the CommCell environment. Many of the parameters provide links to additional reports that contain more detailed information about the security features that are available in the CommCell environment.
The columns in each section of the Security Assessment Report include the following information:
-
Parameter: The name of the security setting, the feature, or the option in the CommCell environment. Many parameters in the Info, the Warning, and the Critical status provide links to additional reports or documentation about how to configure the setting in the Action column.
-
Status: The current status of the parameter, including whether the parameter is in the Good, the Info, the Warning, or the Critical status. To view the thresholds for these statuses on the Health Report Parameters page, click the status.
-
Remarks: A message about the status of the parameter.
-
Action: If there is more information available about the feature or the setting, a link appears that either opens the related documentation or a related report or provides a link to install and deploy a related report, app, or workflow from the Commvault Store. After you use the report, app, or workflow to update security settings, you must wait until after the next data collection process runs to view any changes in the Security Assessment report.
To view this report, in the Health Report, in the Security Assessment Tile, click View Details .
Access Security
The Access Security table displays the user access settings that are configured in the CommCell environment.
Parameter |
Description |
---|---|
Two-Factor Authentication |
An indication of whether two-factor authentication is enabled in the CommCell environment. If this feature is disabled, you can view the documentation about two-factor authentication. In the Action column, click Enable. |
Single Sign-On |
An indication of whether single sign-on providers are configured in the CommCell environment. To view the Single Sign-On Report, which lists the single sign-on providers that are configured in the CommCell, click the link. |
Password Complexity Level |
The complexity level that is configured for password requirements for users in the CommCell environment. There is also an indication of whether the Check Password Complexity workflow is enabled. |
Failed Log-on Attempts Limit |
The number of failed log-on attempts that are allowed for a CommCell user before the user is locked out of the software. If no failed log-on attempt limit is configured, then the status is Critical. |
Account Lock Duration |
After the failed log-on attempt limit is met, the number of minutes that a user is locked out of the software. If no failed log-on attempt limit is configured, then this parameter does not appear in the report. |
Command Center Timeout Period |
The number of minutes that the Command Center is configured to wait before logging out an inactive user. |
CommCell Console Timeout Period |
The number of minutes that the CommCell Console is configured to wait before logging out an inactive user. To view the instructions for configuring the timeout period, click Change. |
Auditing
The Auditing table displays audit tail settings and links to additional security-related reports.
Parameter |
Description |
---|---|
Critical Priority Audit Trail Retention |
The number of years the CommCell environment is configured to retain critical priority audit trail events and the setting that <Companyname> recommends. |
High Priority Audit Trail Retention |
The number of years the CommCell environment is configured to retain high priority audit trail events and the setting that <Companyname> recommends. |
Medium Priority Audit Trail Retention |
The number of years the CommCell environment is configured to retain medium priority audit trail events and the setting that <Companyname> recommends. |
Low Priority Audit Trail Retention |
The number of years the CommCell environment is configured to retain low priority audit trail events and the setting that <Companyname> recommends. |
Security Cleanup Report |
This parameter displays the number of unused entities in the CommCell environment and provides a link to the Cleanup Report. The Cleanup Report displays the names of each unused entity in the CommCell environment, such as the users and the user groups, that might need to be deleted. Entities that are listed include the following:
|
User and User Group Permissions Report |
This parameter provides a link to the User and User Group Permissions Report. The User and User Group Permissions Report displays the name of each user in the Master User Group, the roles assigned to each user, the permissions assigned to each user, and whether the Master User Group is enabled or disabled. |
Platform Security
The Platform Security table displays the encryption settings, the ransomware settings, and the file anomaly detection settings that are configured in the CommCell environment.
Parameter |
Description |
---|---|
Storage Pools Without Primary Encryption |
The number of storage pools that are not configured to encrypt primary backups. This parameter provides a link to a filtered view of the Client Encryption Information Report. |
Storage Pools Without Auxiliary Copy Encryption |
The number of storage pools that are not configured to encrypt auxiliary backup copies. This parameter provides a link to a filtered view of the Client Encryption Information Report. |
Ransomware Protection |
An indication of whether all mount paths are secured against ransomware. If any mount paths are not secured against ransomware, then the parameter displays the Critical status. |
File Activity Anomaly Alert |
An indication of whether the File Activity Anomaly alert is enabled. If the File Activity Anomaly alert is disabled, then the parameter displays the Critical status. To view instructions about how to enable the alert, under Action, click the link. |
Disaster Recovery Backup |
An indication of whether the DR backup is configured to the Commvault cloud library, the cloud library of the user, or the UNC path. To view instructions about how to enable the DR backup to cloud feature, under Action, click the link. |
Key Management Server for Password Encryption |
An indication of whether a key management server is configured in the CommCell environment. To view instructions about how to set up a key management server, under Action, click the link. |
Company and Owners Security
The Company and Owners Security table displays the privacy and the encryption settings that are configured at the CommCell and the client computer level.
Parameter |
Description |
---|---|
Privacy Feature |
An indication of whether the privacy feature is enabled or disabled. If the privacy feature is disabled, then the parameter displays the Warning status. |
Client Encryption |
This parameter provides a link to a filtered view of the Client Encryption Information Report. |
Passkey for Restore Feature |
An indication of whether the passkey for restore feature is enabled in the CommCell environment. Commvault recommends that you enable this feature, but the parameter displays only the Info status, whether the passkey for restore feature is enabled or disabled. |
Capabilities
The Capabilities table displays information about the workflows that can delete entities and the user authentication settings that are required for performing a variety of CommCell operations.
Parameter |
Description |
---|---|
Users with Master Capabilities |
This parameter provides a link to the Users With Master Capabilities Report. This report displays each user that is in the Master User Group. |
Delete Jobs Authorization Workflow |
An indication of whether the Delete Jobs Authorization workflow is downloaded and deployed in the CommCell environment. If the workflow is not installed in the CommCell environment, then this parameter provides a link to the workflow in the Commvault Store and a link to the instructions about how to deploy a workflow. If the workflow is deployed in the CommCell environment but is disabled, then the parameter displays a link to the instructions about how to enable a workflow. |
Delete Backupset Authorization Workflow |
An indication of whether the Delete Backupset Authorization workflow is downloaded and deployed in the CommCell environment. If the workflow is not installed in the CommCell environment, then this parameter provides a link to the workflow in the Commvault Store and a link to the instructions about how to deploy a workflow. If the workflow is deployed in the CommCell environment but is disabled, then the parameter displays a link to the instructions about how to enable a workflow. |
Delete Client Authorization Workflow |
An indication of whether the Delete Client Authorization workflow is downloaded and deployed in the CommCell environment. If the workflow is not installed in the CommCell environment, then this parameter provides a link to the workflow in the Commvault Store and a link to the instructions about how to deploy a workflow. If the workflow is deployed in the CommCell environment but is disabled, then the parameter displays a link to the instructions about how to enable a workflow. |
Delete Library Mount Path Authorization Workflow |
An indication of whether the Delete Library Mount Path Authorization workflow is downloaded and deployed in the CommCell environment. If the workflow is not installed in the CommCell environment, then this parameter provides a link to the workflow in the Commvault Store and a link to the instructions about how to deploy a workflow. If the workflow is deployed in the CommCell environment but is disabled, then the parameter displays a link to the instructions about how to enable a workflow. |
Delete Storage Policy Authorization Workflow |
An indication of whether the Delete Storage Policy Authorization workflow is downloaded and deployed in the CommCell environment. If the workflow is not installed in the CommCell environment, then this parameter provides a link to the workflow in the Commvault Store and a link to the instructions about how to deploy a workflow. If the workflow is deployed in the CommCell environment but is disabled, then the parameter displays a link to the instructions about how to enable a workflow. |
Get And Process Authorization Workflow |
An indication of whether the Get And Process Authorization workflow is downloaded and deployed in the CommCell environment. If the workflow is not installed in the CommCell environment, then this parameter provides a link to the workflow in the Commvault Store and a link to the instructions about how to deploy a workflow. If the workflow is deployed in the CommCell environment but is disabled, then the parameter displays a link to the instructions about how to enable a workflow. |
Restore Request Authorization Workflow |
An indication of whether the Restore Request Authorization workflow is downloaded and deployed in the CommCell environment. If the workflow is not installed in the CommCell environment, then this parameter provides a link to the workflow in the Commvault Store and a link to the instructions about how to deploy a workflow. If the workflow is deployed in the CommCell environment but is disabled, then the parameter displays a link to the instructions about how to enable a workflow. |
Requires User Authentication for Installing Agents |
An indication of whether the CommCell environment requires users to authenticate before they install agent software. If user authentication is not required to install agent software, then the parameter displays the Warning status. |
Key Management Servers |
An indication of whether any key management servers are installed in the CommCell environment. |
Data Loss Prevention |
In CommCell environments that include laptop client computers, an indication of whether the laptop clients have enabled the Data Loss Prevention (DLP) feature. The parameter provides a link to the Data Loss Prevention Report. This report lists each laptop client computer and indicates whether the DLP feature is enabled or disabled. |