Skip to main content

Certified Desktop: How Is Compliance Computed?


This information is intended for IT professionals. End users should contact local IT administrators with any questions or concerns about their Certified Desktop configuration.

The following list of field definitions will be used in Remedy Asset Management for Certified Desktop compliance reporting.

Asset Management field definitions
Field Name Definition System Status as of 12/05/2018
Serial Number Serial number of the device. MacOS and Windows: Accurate
Computer Name

Name of the device as defined in Configuration Manager (CM) for Windows computers or Jamf Pro for Macs.

Note: The Remedy Asset Management Steering Committee has stipulated that all University-owned computer assets should follow a standard naming convention, with the names all beginning with agree-upon Unit acronyms. Current Active Directory naming prefixes are available here. (Note that CM requires Active Directory, but Jamf does not.)

MacOS and Windows: Accurate
Encrypted
  • Yes: the device has all its fixed volumes encrypted and inventory has been sent within the last 30 days.
  • No: the device does not have all its fixed volumes encrypted (that is, some volumes may be encrypted and others not) and no inventory data has been sent within the last 30 days.

MacOS and Windows: Accurate

Encrypted Date The date and time of the last inventory.
Confidential Data Scan
  • Yes: a scan for confidential data has been run and completed in the last 6 months.
  • No: data was detected on the device, but a scan has not been run in the last 6 months.
Spirion: MacOS and Windows Accurate
Confidential Data Scan Date The date when the last confidential data scan was run.
Screen Lock
  • Yes: a screen lock is enabled and set to trigger at 30 minutes or less and inventory information was sent within the last 30 days.
  • No: a screen lock is not enabled or is set to trigger at longer than 30 minutes, or no information about a screen lock was provided, or inventory data was not sent within the last 30 days.

Note: Windows devices must must have screen lock set according to this documentation for CM to accurately inventory the settings: Certified Desktop Windows Screen Lock Compliance

MacOS: Not Reliable

Windows: Accurate 

Screen Lock Time Amount of time the device may be inactive before the screen lock is triggered.
Screen Lock Date Date of last inventory within the last 30 days.
System Backup
  • Yes: a backup has been completed in the last 30 days.
  • No: a backup has not been completed in the last 30 days or no information about backups was available.

Note: Compliance is based upon last 100% completed backup. Some systems are currently never reaching 100% due to open and locked files, so we are exploring alternative measures.

Code42: Accurate - see Notes.
System Backup Date Date of the last completed backup.
OS Vendor Patching
  • Yes: all required Microsoft OS security patches deployed to CM central patching are installed and their inventory information was sent within the last 30 days.
  • No: not all required Microsoft OS security patches deployed to CM central patching are installed, or their inventory data was not sent within the last 30 days.

Note: Currently only Windows Patching status is being measured, we will also indicate required Apple OS security patches in the future.

Windows Only: Accurate
OS Vendor Patching Date Date of the last inventory.
3rd Party App Patching
  • Yes: all required Windows third-party application patches deployed to CM central patching and there inventory information was sent within the last 30 days..
  • No: not all required Windows third-party application patches deployed to CM central patching are installed, or inventory data was not sent within the last 30 days.

Note: Currently, only Windows Patching status is being measured. We will also indicate required Apple third-party application patches in the future.

Windows Only: Accurate
3rd Party App Patching Date Date of the last inventory.
Malware Protection
  • Yes: CrowdStrike has provided data and the client has checked in with the CrowdStrike cloud in the last 14 days.
  • No: either no data was provided by CrowdStrike, or data was provided but the client has not checked in with the CrowdStrike cloud in the last 14 days.
CrowdStrike: MacOS and Windows Accurate
Emergency Notification
  • Yes: data was detected and the Alertus client has checked in within the last 14 days.
  • No: data was detected but the Alertus client has not checked in within the last 14 days.
Alertus: MacOS and Windows Accurate
Emergency Notification Date Date of the last Alertus check-in.

About this Article

Last updated: 

Thursday, August 29, 2019 - 3:33pm

Audience: 

IT Professionals

Was this page helpful?

Your feedback helps improve the site.

Comments?