Configuresoft Unveils DISA Security Technical Implementation Guides Compliance Toolkit

By | January 23, 2006

COLORADO SPRINGS, Colo., Jan. 23, 2006 - Configuresoft, an innovator in systems management technology and the creator of enterprise continuous compliance management, today announced the DISA Security Technical Implementation Guides (STIG) Compliance Toolkit. The toolkit is a comprehensive series of automated checks and controls for security hardening developed by DISA (the Defense Information Systems Agency) and the NSA (the National Security Agency) and endorsed and published by NIST.

By using the power of Configuresoft Enterprise Configuration Manager (ECM), an agency can easily secure its operating systems without disrupting productivity. This granular-level approach includes automated access control, audit control and access change monitoring, which enables a Federal organization to consistently meet these regulations and ensure security. This helps an organization continually meet its security goals and drive down the cost of doing so through operational efficiencies.

“DISA is the authority for the DoD in areas of compliance and information assurance. Their published standards and guidelines have greatly increased the security of networks in DoD organizations,” said Michael Dunbar, regional VP of Configuresoft Federal Sales. “The challenge for agencies in their quest for compliance is the need to continually measure and analyze all servers, desktops and systems against those standards in order to understand how far they have shifted and drifted from the standard. It's inevitable that planned and unplanned change will cause varying levels of non-conformance. In order to affect a methodology for moving agencies back to the norm, they must apply a comprehensive, automated and continuous assessment against that norm.”

Configuresoft's Center for Policy & Compliance Team, which comprises policy experts, former auditors and early contributors to the Federal mandates and standards, has prepared a comprehensive series of automated checks and controls that includes access control, audit control and access change monitoring. By translating regulatory issues and best practices into measurable criteria, this Toolkit will help an organization meet its automated strategy for DISA and NSA compliance.

The National Institute of Standards and Technology (NIST) is a government-funded organization that develops and promotes measurement, standards and technology. Mandated by the Cyber Security Research and Development Act of 2002, NIST's Computer Security Division has created checklists of baseline configuration standards that can help increase the security of various operating systems that are, or will likely become, widely used within the Federal government.

The checklists for technologies include: network security, application security, desktop security and specific server platform security. The checklists have been adopted, and in some cases required, as industry best practices intended to address regulations such as FISMA and DoD Directives 8500.1 and 8500.2.

Using Configuresoft's DISA Security Technical Implementation Guides (STIG) Compliance Toolkit, Federal agencies and DoD organizations can collect the most detailed configuration data from every Windows, UNIX and Linux workstation and server on the network. It will store that information in a centralized SQL database for immediate access, analysis and reporting. Additionally, it will consolidate configuration data from an entire enterprise to a single view to maintain these standards and reduce the complexity of managing a heterogeneous IT infrastructure.

“Federal agencies and DoD organizations must be able to discover vulnerabilities, assess risk and implement technical controls to ensure the security in their IT environments,” said Chris Farrow, director of Configuresoft's Center for Policy & Compliance. “Organizations that adhere to security and compliance requirements will find this task much easier if they can implement and audit a proper compliance strategy and then automate compliance enforcement. By demonstrating effective IT controls, ECM enables corporations to continuously automate, monitor and document their compliance efforts to established auditing standards.”

About Enterprise Configuration Manager

ECM centralizes and automates the tasks of continuously monitoring, managing and auditing the hardware and software configurations deployed in large enterprise networks to ensure they are policy compliant. By standardizing server and client configurations, ECM ensures operational compliance to regulatory, industry and corporate standards throughout a computing infrastructure. Sustained by the industry's most proven scalable architecture, ECM collects detailed critical configuration data from each Windows, UNIX and Linux server and workstation, storing that information in a centralized database for immediate access, analysis and reporting. ECM enforces security policies by automatically resetting configurations to their pre-defined standards when an unauthorized change (or deviation) occurs. These powerful capabilities help IT organizations keep their critical systems properly configured, while ensuring security compliance with regulatory requirements such as HIPAA, GLBA, Sarbanes-Oxley and FISMA.

About Configuresoft

Configuresoft is an innovator in systems management technology, serving eight of the world's 25 largest companies. Based in Colorado Springs, Colorado, the company offers enterprise configuration, policy compliance and remediation products that span both operations and IT security. At a time in which organizations must maintain a continuous state of audit throughout their infrastructure, Configuresoft ensures these environments conform to any desired or mandated state. To contact Configuresoft, call 719.447.4600, visit us on the Web at or write to [email protected]
