Security analysis policies define the context for a security analysis, such as the following parameters:
- the profile (SCAP content) used
- the targets (computers) to run it on
- the schedule of when it will be run
- acceptable levels for scoring
- completion timeouts
- remediation
You must create at least one policy to perform an analysis which can also be used for remediation. We suggest creating multiple policies whenever any of the values above may differ between sets of computers, scheduling differences, or scoring parameters.