Elemental Security, Inc., the award-winning pioneer of new technology in enterprise information security, today announced that its Elemental Security Platform (ESP) has been certified by the Center for Internet Security (CIS) for the CIS Mac OS X Benchmark v1.02. Elemental´s policy and risk management product is the industry´s first product to complete the CIS´ rigorous certification process for the Mac OS X Benchmark.
The CIS Benchmark is a set of technical standards that draws upon best practices published by The SANS Institute, the National Security Agency (NSA), the National Institute of Standards and Technology (NIST), and the U.S. Defense Information Systems Agency (DISA), as well as consensus guidance from CIS members and users. The CIS Certification program is distinguished from other IT certifications because CIS certified vendor tools support the consensus best practices movement. CIS strategic partnerships with AICPA, IIA and ISACA are advancing the science of security auditing to include measurement of configuration management outcomes.
Elemental has seen growing traction in markets where Mac platform use is prevalent, such as university environments, presenting an expanding opportunity. According to Gartner, Inc., the U.S. Mac OS installed base totals more than 11 million units in 2006.1
“With the constant proliferation of system threats and computer vulnerabilities, enterprises with Mac environments need to take a proactive stance to minimize security risks by ensuring that their systems are in compliance with implemented system security compliance policies,” said CIS President and CEO Clint Kreitner. “This CIS Certification assures Elemental customers that ESP v2.0 accurately and thoroughly compares the configuration of their organizations´ Mac platforms with the relevant baseline security benchmarks defined by user consensus. Elemental enables users to define their security compliance policies with the CIS benchmarks as a guide, and to constantly monitor and audit systems to ensure continued compliance with these established baselines.”
With these certifications, Elemental customers are assured that their security best practices and security benchmark policies are properly implemented in order to assure that Mac OS X computers are configured with the most appropriate security settings. Mac OS X joins the growing list of computing platforms supported by Elemental which have earned CIS benchmark certifications, including Windows 2000, 2000 Pro, and 2000 Server; Windows 2003 Domain Member Server and Domain Controller 2003; Windows XP; UNIX versions of IBM (AIX) and Hewlett-Packard (HP-UX); Red Hat Enterprise Linux; and Sun Solaris.
“The CIS Benchmarks are widely accepted standards that help companies satisfy the configuration and compliance requirements for popular computing platforms, including Macs,” said Elemental Chief Marketing Officer Roy Agostino. “We are pleased to be the first vendor to earn this certification for our growing number of Mac platform customers, to assure that the policy baselines we offer them are in line with the high-security industry benchmarks, as defined by CIS and industry user consensus. This is a unique distinction for Elemental, because few enterprise-class security solutions exist for Mac platforms. Mac users have an advantage because Apple´s BSD derivative operating system provides an improved out-of-the-box security posture.”
In addition to CIS Benchmark policies, ESP offers an extensive suite of policies for all supported platforms for other benchmarks, such as from the NSA, NIST and DISA; and industry best practices, including those published by Microsoft. With ESP, users can assess compliance with established full benchmarks, or can customize these policies to fit their specific environments and individual business objectives. Organizations can deploy these policies and get compliance results across the entire enterprise in minutes.
The award-winning ESP is the only security policy system built from the ground up to make the state and activity of users and computers fully transparent, enabling customers to directly translate their business objectives into specific policies for all users and systems on their networks. Elemental unifies policy management, host configuration, inventory/discovery and role-based access control in one seamlessly integrated offering. Using Elemental, security administrators can easily assess the security posture of machines and networks, and make proactive decisions about managing risk. Security policy and compliance management continue to be top priorities due to increasing frequency and severity of security breaches, and regulations such as Sarbanes-Oxley (SOX), the Payment Card Industry (PCI) Data Security Standard, the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Information Security Management Act (FISMA).