Configuresoft Unveils DISA Security Technical Implementation Guides Compliance Toolkit; Using Enterprise Configuration Manager Agencies can Automate and Continuously Audit Policy-based Configurations Against DISA & NSA Standards.COLORADO SPRINGS Colorado Springs, city (1990 pop. 281,140), seat of El Paso co., central Colo., on Monument and Fountain creeks, at the foot of Pikes Peak; inc. 1886. It is a year-round resort and a booming military, technological, and commercial city. , Colo. -- Configuresoft, an innovator in systems management technology and the creator of enterprise continuous compliance management, today announced the DISA 1. (body) DISA - Defense Information Systems Agency. 2. (standard) DISA - Data Interchange Standards Association. Security Technical Implementation Guides (STIG) Compliance Toolkit. The toolkit is a comprehensive series of automated checks and controls for security hardening See OS hardening. developed by DISA (the Defense Information Systems Agency) and the NSA NSA abbr. National Security Agency Noun 1. NSA - the United States cryptologic organization that coordinates and directs highly specialized activities to protect United States information systems and to produce foreign (the National Security Agency) and endorsed and published by NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. . By using the power of Configuresoft Enterprise Configuration Manager (ECM (1) (Enterprise Change Management) See version control and configuration management. (2) (Error Correcting Mode) A Group 3 fax capability that can test for errors within a row of pixels and request retransmission. ) an agency can easily secure its operating systems without disrupting productivity. This granular level approach includes automated access control, audit control and access change monitoring, which enables a Federal organization to consistently meet these regulations and ensure security. This helps an organization continually meet its security goals and drive down the cost of doing so through operational efficiencies. "DISA is the authority for the DoD in areas of compliance and information assurance. Their published standards and guidelines have greatly increased the security of networks in DoD organizations," said Michael Dunbar, regional VP of Configuresoft Federal Sales. "The challenge for agencies in their quest for compliance is the need to continually measure and analyze all servers, desktops and systems against those standards in order to understand how far they have shifted and drifted from the standard. It's inevitable that planned and unplanned change will cause varying levels of non-conformance. In order to affect a methodology for moving agencies back to the norm, they must apply a comprehensive, automated and continuous assessment against that norm." Configuresoft's Center for Policy & Compliance Team which is comprised of policy experts, former auditors and early contributors to the Federal mandates and standards, have prepared a comprehensive series of automated checks and controls that includes access control, audit control and access change monitoring. By translating regulatory issues and best practices into measurable criteria, this Toolkit will help an organization meet its automated strategy for DISA and NSA compliance. The National Institute of Standards and Technology National Institute of Standards and Technology, governmental agency within the U.S. Dept. of Commerce with the mission of "working with industry to develop and apply technology, measurements, and standards" in the national interest. (NIST) is a government-funded organization that develops and promotes measurement, standards and technology. Mandated by the Cyber Security Research and Development Act of 2002, NIST's Computer Security Division, has created checklists of baseline configuration standards that can help increase the security of various operating systems that are, or will likely become, widely used within the Federal government. The checklists for technologies include: network security, application security, desktop security and specific server platform security. The checklists have been adopted, and in some cases required, as industry best practices intended to address regulations such as FISMA FISMA Federal Information Security Management Act of 2002 FISMA Federal Information System Management Act and DoD Directives 8500.1 and 8500.2. Using Configuresoft's DISA Security Technical Implementation Guides (STIG) Compliance Toolkit Federal agencies and DoD organizations can collect the most detailed configuration data from every Windows, UNIX UNIX Operating system for digital computers, developed by Ken Thompson of Bell Laboratories in 1969. It was initially designed for a single user (the name was a pun on the earlier operating system Multics). and Linux workstation and server on the network. It will store that information in a centralized SQL SQL in full Structured Query Language. Computer programming language used for retrieving records or parts of records in databases and performing various calculations before displaying the results. database for immediate access, analysis and reporting. Additionally, it will consolidate configuration data from an entire enterprise to a single view to maintain these standards and reduce the complexity of managing a heterogeneous IT infrastructure. "Federal agencies and DoD organizations must be able to discover vulnerabilities, assess risk and implement technical controls to ensure the security in their IT environments," said Chris Farrow farrow see farrowing. , director of Configuresoft's Center for Policy & Compliance. "Organizations that adhere to security and compliance requirements will find this task much easier if they can implement and audit a proper compliance strategy and then automate compliance enforcement. By demonstrating effective IT controls, ECM enables corporations to continuously automate, monitor and document their compliance efforts to established auditing standards." About Enterprise Configuration Manager ECM centralizes and automates the tasks of continuously monitoring, managing and auditing the hardware and software configurations deployed in large enterprise networks to ensure they are policy compliant. By standardizing server and client configurations, ECM ensures operational compliance to regulatory, industry and corporate standards throughout a computing infrastructure. Sustained by the industry's most proven scalable architecture, ECM collects detailed critical configuration data from each Windows, UNIX and Linux server and workstation--storing that information in a centralized database for immediate access, analysis and reporting. ECM enforces security policies by automatically resetting configurations to their pre-defined standards when an unauthorized change (or deviation) occurs. These powerful capabilities help IT organizations keep their critical systems properly configured, while ensuring security compliance with regulatory requirements such as HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, , GLBA GLBA Gramm-Leach-Bliley Act of 1999 (Financial Modernization Act of 1999) GLBA Gay and Lesbian Business Association GLBA Great Lakes Booksellers Association GLBA Glacier Bay National Park and Preserve , Sarbanes-Oxley and FISMA. About Configuresoft Configuresoft is an innovator in systems management technology, serving eight of the world's 25 largest companies. Based in Colorado Springs, Colorado The City of Colorado Springs is the second most populous city (after Denver) in the state of Colorado and the 48th most populous city in the United States.[4] The city is the county seat of El Paso County. , the company offers enterprise configuration, policy compliance and remediation products that span both operations and IT security. At a time in which organizations must maintain a continuous state of audit throughout their infrastructure, Configuresoft ensures these environments conform to any desired or mandated state. To contact Configuresoft, call 719.447.4600, visit us on the Web at www.configuresoft.com or write to info@configuresoft.com. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion