Purpose
Security Analysis policies are used to define the context for a security analysis, including the profile (SCAP content) to use, the targets (computers) to run it on, the schedule of when it should be done along with some additional parameters such as acceptable levels for scoring, completion timeouts, remediation, etc. You must create at least one policy to use to perform an analysis which can also be used for remediation. We suggest creating multiple policies whenever any of the values above may differ between sets of computers, scheduling differences or scoring parameters.