Policies are defined states--desired or undesired--associated with devices. A simple example would be to check for "public" SNMP community strings, and when found, notify operations, management and the responsible network engineer of the violation. Polices are not limited to this simple parsing; they also can include checking running configurations and any information stored in a database associated with a particular device's inventory record. This might be a specified version of a configuration, hardware, OS, custom asset fields, or organizational determinations, such as "edge switch."
DeviceAuthority and NA System have made strong advances in this area. For example, both support configuration autoremediation. It's possible to change configuration-policy violations automatically without operator intervention, but most network engineers aren't comfortable with this level of automation .
We also found that these systems have become easier to use, so much so that both Kiwi and Opsware scored perfect 5s in this category, which we graded based on interface navigation, available help, multiple paths, shortcuts, window clutter (actually, lack thereof) and ease of remote usage. Opsware's NA System is more complicated than Kiwi's CatTools, but NA System exposes most functions near the surface, making navigation simple. We loved having a "My Favorites" function on every screen so those well-worn paths didn't wear out our clicking finger. In addition, NA System offers a search function on every page that allowed for quick connections to a device through the proxy telnet or SSH, and let us find just about everything--not just devices, but modules, diagnostics, tasks, sessions, events, users and ACLs.