I have developed different templates for local security policy. I have been using the program Nexpose to test the effects of those security policies but so far I am not able to detect the visible changes of policies on a vulnerability assessment tool. Can anyone guide me how can I measure the effect of local security policy with respect to security attacks?
I want to show USGCB compliance in Nexpose. I need to have a third party tool validation. Whenever I run the enterprise edition of Nexpose it gives me the vulnerabilities, not the policy auditing/compliance. Since I am a noob in the tool and the forums for rapid7 community are not available, can you tell me what steps should I take for getting policy compliance of any particular system in local network running Windows 7?