Compliance Sheriff
An Introduction to HiSoftware Compliance Sheriff
Version 4.2
HiSoftware Compliance Sheriff is an application suite of auditing and compliance tools. It allows your organization to implement governance policies around unstructured content in a shared environment, based on the current standards outlined by HIPAA, FISMA, COPPA, Section 508, Section 208, WCAG 1.0, WCAG 2.0, and other commonly observed U.S. and international standards. In addition to these published standards, you can create custom sets of rules to suit your organization’s unique policies and requirements. Compliance Sheriff scans your content against these rule sets, and displays the results in easily understood reports that reveal why content has passed or failed.
Note:This document is compiled from HiSoftware Compliance Sheriff User’s Guide and Universal Design Center, California State University, Northridge documentation
Scans
A scan is a collection of checkpoints that will be executed on the pages of a website. Once a scan has been run, you can use the scan results to createviewsandreports.Scans allow you to run multi-level checks on your site for compliance issues. They can be scheduled by site users with valid permissions.Multi-level checks scan certain levels down into the website, beginning from the start page.
Example of a 2-level scan:
Home page→is located at thelevel 0
Pages associated to every link within the Home page→are located at thelevel 1
Pages associated to every link within the pages at level 1→are located at thelevel 2
When you click on theScanstab, a list of all the scans you've created will appear on the screen. The page defaults to theScanssub-tab, but you can click theGroupssub-tab to see a list of all yourscangroups. You can also select a scan group from theScan Grouppull-down menu in the upper right.You can create a new scan by clickingNew, or delete a scan by checking the appropriate box and clickingDelete. If you clickToggle Filter, text boxes will appear at the top of each column, and you can enter specific values into these boxes to filter your list. CheckDisable auto-updateif you don't want the page to refresh while you're selecting a range of scans.
Create a New Scan
To create a new scan, you must enter a Base URL and select at least one checkpoint group.
1. Click on theScanstab, then click on theScanssub-tab.
2. Click on theNewbutton.
3. In theDisplay Namefield, type a name for the scan. You can use long descriptive names.
4. In theBase URLfield, type the full path name of the site to be scanned.
5. By default, subgroups are not listed in the table. Put a check in the “Show subgroups” boxto show all available subgroups in the list.
6. In theCheckpoint groupstable on the right, select theCheckpoint groupsor/andSubgroupsto be used by the scan, then click on theAddbutton. You must select at least one checkpoint group. (A subgroup is any checkpoint group that is contained by another checkpoint group.)
7. If you would like the scan to begin from a specific site page, enter the address of this page in theStart pagefield.
8. Click on the Save button.
Note: The option provided for testingadditional file formatswhich is to check PDF and WORD documents, is not functioning at this time.
Edit a Scan
1. Click on theScanstab, then click on theScanssub-tab.
2. Locate the scan you wish to edit, and click on its name.
3. Modify the scan properties as needed. To remove a checkpoint group, look for thecheckpoint group's name in the left-sideCheckpoint groupsfield, click in the box next to it, then click on theRemovebutton.
4. Click on theSavebutton.
If you use theSave as newbutton to create a new Scan, you must change theDisplay namefirst
Delete a Scan
1. Click on theScanstab, then click on theScanssub-tab.
2. If the scan you wish to delete is running, stop it first, using theStopbutton on the far right.
3. Select the check box next to the scan's name.
You can select more than one scan to delete at a time.
To select or de-select all scans, you can double-click on the header cell of the check box column, located at the top left.
4. Click on theDeletebutton.
5. A confirmation dialog box will appear. SelectOKto confirm deletion.
Any results that may have existed for the scan will be permanently deleted.
If you elect to delete a scan that has a view associated to it, a confirmation box will appear: "One ormore views refer to the scan(s) you are deleting, and may not continue to function correctly." ChooseOKto delete, orCancelto abort.
Run a Scan
1. Click on theScanstab, then click on theScanssub-tab.
2. Find the scan you wish to execute and click on theRunbutton, located at the far right of the row.Runlaunches the scan immediately. If the scan is marked as "local" in theBase URLcolumn, it will run on your own machine. This option requires theHiSoftware Toolbar.
3. The status will change to "Running."
Scans can also be started automatically by setting up a Schedule.
Stop a Scan
1. Click on theScanstab, then click on theScanssub-tab.
2. Check that the scan status shows asRunning.
3. Click on the associatedStopbutton to stop the scan. TheStopbutton is located in the same place as theRunbutton, at the far right of the row.
View Scan Results
1. After a scan has been run, click on theScanstab, then click on theScanssub-tab.
2. ClickMorein the row corresponding to your scan. TheMorelink is located in the far-right column.
3. Additional fields will appear beneath the row. To view a scan result, clickShow Results.
4. The properties for a view will be displayed. If you have previously specified a view, the view properties will be remembered. (For more information on view properties and how to manage them, please consult the Viewssection of this document.)
The view will only show the results of the current scan.
5. ClickSaveto save the results and view properties of this scan. To cancel, click on theCancel
button.
Schedule Scans
A scan can be scheduled to run at predetermined intervals. Multiple schedules can be defined for a scan. If a scan has no schedule defined the text "schedule" will be displayed in the schedule column. If there are one or more schedules defined the date and time of the next run will be displayed.
Schedule a Scan
1. Click on theScanstab, then click on theScanssub-tab.
2. Locate theScheduledcolumn (on the far right).
3. In the corresponding row, click on the text: It will either appear as "schedule" (meaning no schedule has been created yet), or it will show the date and time of the next scheduled run (meaning a schedule has already been created).
4. Click on theAddbutton to define a schedule.
5. Select the Schedule properties you require.
6. Click on theSavebutton.
7. When you return to the scans list, you will see the date and time of the next scheduled run.
If a scan is scheduled to run more than once per day, but the first run has not completed by the time the next run is scheduled to begin, then this next run will be skipped.
Example:
Schedules: Daily at 3:00pm, 3:30pm and 4:00pm.
If the scan takes 70 minutes to run, then there will be only 1 scan result per day.
Schedules use the time zone defined in theUser preferencesunderSettings. The default time is based on the locale set on the server hosting HiSoftware Compliance Sheriff. Hence, if a user in a different time zone wants to set a schedule on the actual date/time defined for the server, the time difference should be taken in consideration.
Edit a Scan Schedule
1. Click on theScanstab, then click on theScanssub-tab.
2. Click on the current schedule defined for the scan under theScheduledcolumn.
3. You can edit the currentSchedule propertiesdefined: clickAddto set another schedule for the scan, or click on theRemovelink to remove a schedule.
4. ClickAddto define a new schedule.
5. If you want to revert to a manual process, all schedules defined must be removed.
6. ClickSave.
7. On returning to the scans list, you will see the date and time of the next scheduled run, as defined by the schedule you created.
Delete a Scan Schedule
1. Click on theScanstab, then click on theScanssub-tab.
2. Click on the current schedule defined for the scan under theScheduledcolumn.
3. Click on theRemovelink in the far right column.
4. ClickSave.
5. A confirmation dialog box will appear. Click onOKto confirm deletion.
Views
A view is a presentation of data from the results database. A view may contain a graphical chart, a textual summary, or table of results.
When you click theViewstab, a list of the views you have created will appear, along with the date they were last modified. To see what a view looks like, click thepreviewicon in the appropriate row (the icon is a small magnifying glass). Similarly, you can alsogenerate a reportfrom any view. If you have created a long list of views, use theSearchfield to find the view you're looking for.
All dates and times displayed use the time zone specified in the user’s preferences.
Create a View
1. Click theViewstab.
2. ClickNew.
3. In theNamefield, enter a name for the view.
4. In theShow results forfield, you will see three options: scans,scan groups, ormonitors.
Choose which category you want the view to show results for.
5. If you selectedscansin Step 4, a Scans menu will appear in the field below. From this field, choose which scan or scans you would like to be associated with the view (you can select multiple items from each scroll-down menu by holding the CTRL button). If you selectedscan groupsonmonitors, the process is the same. If you have already run the scan(s), scan group, or monitor(s) associated with this view, a preview of the view will appear in the preview pane as you make your selections. ClickDisable auto-updateif you don't want thepreview pane to reload each time you make a change. If you choose this option, you can use theUpdatebutton to refresh the preview.
6. In the Checkpoint Groups field (or Checkpoints field, if you've selected a monitor), select which checkpoint groups should appear in the view. (PLEASE NOTE: You can open or close each field on this page by clicking the arrow buttons in the upper right of each field.)
7. In the Pages field, you can select the specific URLs that the view will display results for.
8. Modify theChart, Summary, andTablefields as desired.
9. Click theSavebutton.
“Save as new” View
Saving a new view with a new name does not provide different or updated content compare to the content of the previous view.
Although multiple views can be created for different user groups, the very first view, which was created the very first time, retrieves information and gets updated every time a scan is run. Saving a new view would not save the current scan result to be retrieved later. Each time a scan is run all the views associated with the scan will be updated to the new scan result.
The comparison data from different scans will be available via the only view saved for the associated scan.
Delete a View
1. Click on theViewstab.
2. Find the View you wish to delete and click in the checkbox to the left of its name, in the first column of the table.
3. Click on theDeletebutton.
4. A confirmation dialog box will appear. Select "OK" to confirm deletion.
If a View is being used in the Dashboard a different confirmation will appear: "One or more user dashboards refer to the View(s) you are deleting, and may not continue to function correctly." ChooseOKto Delete, orCancelto abort.
You can select more than one view to delete at a time.
View Properties
Name
This is the display name of the view, used in the title bar for tabs or panels on the dashboard, and as the title for any generated reports.
Properties for views showing scan results
Scans
From this field, choose which scan or scans you would like to be associated with the view. You can select multiple scans by holding the CTRL button. If you have already run the scan(s) associated with this view, a preview of the view will appear in the preview pane as you make your selections. ClickDisable auto-updateif you don't want the preview pane to reload each time you make a change. If you choose this option, you can use theUpdatebutton to refresh the preview.
Checkpoint Groups
In the Checkpoint Groups field, select which checkpoint groups should appear in the view. You can select multiple checkpoint groups by holding the CTRL button.
By default, the results for all checkpoint groups (as selected in the scan definitions) are included in the view. However, you may choose to report on specific groups.
Pages
In the Pages field, you can select specific URLs that the view will display results for. (PLEASE NOTE: Depending on the scans you've selected, this field may be blank.)
Chart
In the Chart field, you can select a type of chart to display the data you have selected.
Summary
In the Summary field, you can enable or disable the display of information from the scan summary in your view. This information can include any (or none) of the following items:
- Date/Time scan started
- Date/Time scan completed
- Number of pages scanned
- Number of checkpoints tested
View Tables
Tables for views showing scan results
The following table types are available:
Page compliance
The page compliance table shows the individual checkpoint results in an expandable tree, and includes a page count and percentage for each result type (Failed, Warning, Visual, Passed and N/A).
By default, the results can be grouped as follows:
- By result value, then page, then checkpoint group, then checkpoint
- By result value, then page, then checkpoint
- By result value, then scan, then page, then checkpoint group, then checkpoint.
You can customize groupings by accessing Table groupings, located in the Settings tab. Note that the first level of the Page compliance table should always be "Result".
Issue identification
The Issue Identification table shows the individual checkpoint results in an expandable tree, with columns for showing the number of failures in each top-level group.
By default, the table can be grouped as follows:
- By checkpoint group, then by checkpoint, then page
- By checkpoint group, then priority, then checkpoint, then page
- By scan, then by checkpoint group, then checkpoint, then page
- By scan, then page, then group, then checkpoint
- By checkpoint group, then priority, then page, then checkpoint
- By page, then checkpoint group, then checkpoint.
You can customize groupings by accessing Table groupings, located in theSettingstab.
Access the Show Instances Feature From a View
The show instances feature can be accessed from a view, but the view must be set to table typeIssueidentificationorOccurrences. To change a view to one of these two table types, follow the instructions below. If you have already created a view with this table type, skip ahead to Step 6.
1. Click on theViewstab.
2. Click on the name of the View you wish to change.
3. Click on the grayTablebar to open the Tables pull-down menu.
4. From thetable typepull-down menu, select "Issue identification" or "Occurrences". In the example shown below, "Issue identification" has been selected.
5. Click on theSavebutton.
6. Once the views main page has loaded, click on the preview icon (a magnifying glass) in the row associated with the view you want to examine.
7. Locate the link associated with the page you want to open in the show instances feature, and clickon it.
8. The page will be opened in the show instances feature.
Appendix 1: Scan Levels
Log Into Compliance Sheriff
- Username: student
- Password: 123
Click the “Scans” tab
Find Your Department’s Most Recent Scan and Click the “More” Link
Click the “Show Results” Button on the Menu that Appears
Clicking this button will generate a detailed report and take you to the Views tab.
The Views Tab
Your department’s complete ATI Requirements report will be displayed on the right side of the screen, immediately beneath the pie chart.
- Scroll through your detailed site report
- In all, there are 20 ATI Accessibility Requirement groups (see key below)
- Your report will only list Accessibility Requirement Groups your site fails
- In all, there are 20 ATI Accessibility Requirement groups(see key below)
- Broken links are in the section titled “CSU ATI Site Quality Requirements”
- Your report will contain links to pages failing ATI Accessibility Requirements, with links to reference pages describing how to resolve the failures
- Some failures are tied to the Web-One template
- Focus only on the failures that you can control
- In doubt about your report? Contact SM&C, SAIT, or the UDC for assistance
Naming Convention for the New Scans / Views
CSU ATI Accessibility Requirements consists of all the following accessibility checkpoint groups (along with their short description):
CSU ATI Accessibility Requirements Section A ………………...Alternative text for images
CSU ATI Accessibility Requirements Section B ………………...Alternative for multimedia
CSU ATI Accessibility Requirements Section C ………………...Information conveyed by color
CSU ATI Accessibility Requirements Section D ………………...Style sheets
CSU ATI Accessibility Requirements Section E ………………...Server-side image map
CSU ATI Accessibility Requirements Section F ………………...Client-side image map
CSU ATI Accessibility Requirements Section I ………………...Frames and iframes
CSU ATI Accessibility Requirements Section J ………………...Screen movement and flickering objects
CSU ATI Accessibility Requirements Section K ………………...Text-only version of the webpage
CSU ATI Accessibility Requirements Section L ………………...Scripting language
CSU ATI Accessibility Requirements Section M ………………...Document reader or plug-in
CSU ATI Accessibility Requirements Section O ………………...Skip navigation
CSU ATI Accessibility Requirements Section G ………………...Tables
CSU ATI Accessibility Requirements Section H ………………...Complex data table
CSU ATI Accessibility Requirements Section N ………………...Forms
CSU ATI Accessibility Requirements Section P ………………...Timed response
CSU ATI Semantic Requirements ……………………………………..Semantics
CSU ATI ALTQualityRequirements ………………………………….Alternative text validation
CSU ATISiteQualityRequirements ………………………………...Broken links
CSU ATI Links Requirements …………………………………………..Anchor elements