Currently, policy rules can only be matched against stored configurations. It would be beneficial to create complex rules that also match against device family, running firmware version, etc. For example, the default Cisco Policy Report has a "Disable Reverse-telnet" rule that checks if "transport input none" is present under the console 0 line. Well, this matches all my Catalyst switches, as "transport input" isn't even an option on them -- it's reserved for routers that could actually be console servers. The ability to have rules only apply to specific types of devices would be beneficial in creating a complex, complete policy for configuration audit.
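
A sketch of the scoping requested above, as an added example that is not part of the original request and not the product's rule engine: each rule carries an optional device-family and minimum-firmware scope, and an out-of-scope device reports "N/A" instead of a failure. The `Device` and `Rule` types, the family labels, the `line con 0` section header and the sample configurations are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    family: str    # constructed labels: "router", "catalyst-switch"
    firmware: str  # simple dotted version string, e.g. "15.2"
    config: str

@dataclass(frozen=True)
class Rule:
    name: str
    section: str                       # section header, e.g. "line con 0"
    required: str                      # line that must appear in that section
    families: frozenset = frozenset()  # empty means every device family
    min_firmware: tuple = ()           # empty means any firmware version

def section_lines(config, header):
    """Return the indented lines that follow an IOS-style section header."""
    lines, inside = [], False
    for raw in config.splitlines():
        if raw.strip() == header:
            inside = True
        elif inside and raw.startswith(" "):
            lines.append(raw.strip())
        elif inside:
            break  # first non-indented line ends the section
    return lines

def version_tuple(version):
    return tuple(int(part) for part in version.split(".") if part.isdigit())

def evaluate(rule, device):
    """Return 'N/A' when the device is out of scope, else 'PASS' or 'FAIL'."""
    if rule.families and device.family not in rule.families:
        return "N/A"
    if rule.min_firmware and version_tuple(device.firmware) < rule.min_firmware:
        return "N/A"
    found = rule.required in section_lines(device.config, rule.section)
    return "PASS" if found else "FAIL"

# Constructed sample data (hypothetical devices and configurations).
SCOPED = Rule("Disable Reverse-telnet", "line con 0", "transport input none",
              families=frozenset({"router"}))
UNSCOPED = Rule("Disable Reverse-telnet", "line con 0", "transport input none")
ROUTER_OK = Device("r1", "router", "15.2",
                   "hostname r1\nline con 0\n transport input none\nline vty 0 4\n")
ROUTER_BAD = Device("r2", "router", "15.2",
                    "hostname r2\nline con 0\n logging synchronous\nline vty 0 4\n transport input none\n")
SWITCH = Device("sw1", "catalyst-switch", "12.2",
                "hostname sw1\nline con 0\n logging synchronous\nline vty 0 4\n")
```

With the unscoped rule the switch is reported as a failure, which is the false positive described in the request; the scoped rule reports it as not applicable while still failing the router that has the line only under its vty section.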