Management apparatus and method for controlling management apparatus

What is claimed is: 1 . A management apparatus for managing a device capable of communicating on a network, the management apparatus comprising: a first management unit configured to manage a security policy indicating a setting value of a setting item for security for a device; a selection unit configured to select a device to which the managed security policy is to be distributed; a setting unit configured to set a first password required to reflect the security policy on the selected device or change the security policy in the selected device; a generation unit configured to generate distribution data including the security policy and the set first password; and a distribution unit configured to distribute the generated distribution data to the selected device. 2 . The management apparatus according to claim 1 , further comprising a second management unit configured to manage device information of a device serving as a management target, wherein, if the second management unit manages a first password for the selected device, the setting unit sets the managed first password as a password to be used for distribution data to be generated by the generation unit. 3 . The management apparatus according to claim 1 , wherein the generation unit generates distribution data further including setting information including a setting value of a setting item different from the setting item for the security policy, wherein, if a first password managed by the device matches the first password included in the generated distribution data, the security policy included in the generated distribution data and a setting value of a setting item that is included in the setting information and does not violate the security policy are reflected on the device to which the generated distribution data has been distributed, and wherein, if the first password managed by the device does not match the first password included in the generated distribution data, the security policy included in the generated distribution data is not reflected on the device to which the generated distribution data has been distributed, but the setting value included in the setting information is reflected on the device. 4 . The management apparatus according to claim 1 , further comprising: an acquisition unit configured to acquire from a device a security policy in which a first password is set; and a deletion unit configured to delete the first password from the acquired security policy, wherein the first management unit manages the security policy from which the first password has been deleted. 5 . The management apparatus according to claim 4 , wherein the first management unit manages the security policy from which the first password has been deleted and the first password originally set in the security policy, in association with each other, and wherein, when the generation unit generates distribution data using the acquired security policy and if a predetermined condition is satisfied, the setting unit sets the first password managed in association with the security policy. 6 . The management apparatus according to claim 1 , further comprising: a reception unit configured to, when the security policy managed by the first management unit is to be exported as a file, receive entries of a first password and a second password, the second password being related to encryption and decryption; an encryption unit configured to encrypt information including the security policy and the entered first password so that the information is able to be decrypted using the entered second password; and an output unit configured to export the encrypted information as a file. 7 . The management apparatus according to claim 1 , wherein a device restricts use of a function according to the security policy. 8 . The management apparatus according to claim 1 , wherein the security policy includes a setting item for a restriction on a transmission function of a device or on an interface. 9 . A method for controlling a management apparatus for managing a device capable of communicating on a network, the method comprising: managing a security policy indicating a setting value of a setting item for security for a device; selecting a device to which the managed security policy is to be distributed; setting a first password required to reflect the security policy on the selected device or change the security policy in the selected device; generating distribution data including the security policy and the set first password; and distributing the generated distribution data to the selected device. 10 . A computer-readable storage medium storing a program for causing a computer to execute a method for controlling a management apparatus for managing a device capable of communicating on a network, the method comprising: managing a security policy indicating a setting value of a setting item for security for a device; selecting a device to which the managed security policy is to be distributed; setting a first password required to reflect the security policy on the selected device or change the security policy in the selected device; generating distribution data including the security policy and the set first password; and distributing the generated distribution data to the selected device.