Compliance and Reporting

The Business Problem

No matter what the business, regulatory and legal mandates are a fact of life. Legislation such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Cardholder Information Security Program (CISP), and the Federal Information Security Management Act (FISMA) has dramatically raised the compliance stakes in the US. In Europe, the UK Data Protection Act and Basel II standards require organizations to maintain internal information management controls and audit structures, and procedures for assessing and reporting on the effectiveness of the controls. Asia and the Pacific have similar growing requirements.

From an IT perspective, this means that organizations need to take responsibility for determining what IT assets are in place, defining standards for secure asset configurations, implementing the configuration, verifying asset compliance with defined configurations, and enforcing the configuration continuously. In many organizations, implementing these requirements and demonstrating compliance can be extremely difficult and expensive, due to lack of visibility into networked assets and the challenges of assessing, remediating, verifying and enforcing agreed security configurations.

In addition to external mandates, IT must also ensure compliance with corporate standards for IT infrastructures, network operations and computing devices. Compliance with these standards requires the same policy-based model to manage the lifecycle of the software configuration elements throughout the infrastructure, across the network and on every computing device.

The BigFix Solution

BigFix’s Compliance and Reporting solution provides capabilities needed to fulfill IT security requirements related to most contemporary regulatory and IT mandates. Here, BigFix helps implement and enforce configuration standards to support enterprise policies and apply IT technical controls to achieve compliance. Solution attributes include:

  • Asset discovery, identification, tracking, and reporting to help determine and document networked device characteristics
  • Extensive pre-defined, pre-tested policy libraries to identify and implement secure and best-practice configurations, providing a foundation for organization-specific compliance baselines and standards
  • Real-time assessment and monitoring of hardware and software configuration to identify deviation from agreed policies
  • Ad-hoc and automated policy-based configuration control to bring desktops, laptops, and servers into policy compliance quickly and responsively
  • Continuous configuration enforcement to ensure that desktop, laptop, and server computers stay policy-compliant, independent of their location or network connectivity, including disconnected devices
  • Comprehensive real-time reporting that enables up-to-the-minute compliance status reporting for desktops, laptops, and servers organization-wide

Recommended BigFix Solution Components

Configuration Management » Automate change and configuration management of software for Windows, Unix, Linux and Mac OS X devices to speed service delivery, reduce operational costs and improve service levels.

Endpoint Security and Spyware—Protect networked PCs and their sensitive information from malicious software pests, worms and viruses. BigFix solutions help provide comprehensive pest and spyware detection, reporting and removal as well as management, update, and reporting services for third-party endpoint anti-spyware products.

Patch Management—Many regulatory and IT mandates require due diligence in the area of IT governance. A comprehensive patch management process can help provide evidence of due care and fiduciary management of IT resources, as well as adherence to IT standards. BigFix Enterprise Suite Patch Management helps dramatically reduce the time and effort required to execute and verify patches for Windows, Linux, Unix, and Mac OS X computers, and ensures ongoing configuration compliance for applied patches.

Vulnerability Management—Proactively assess, report, and fix security and configuration-based vulnerabilities throughout IT infrastructures in real-time. BigFix Enterprise Suite supports vulnerability and security best practices from SANS, Microsoft, and other sources to help quickly identify and remediate the most common vulnerabilities, and ensure ongoing configuration compliance once the vulnerabilities have been addressed.

Find Out More

Content             | Description                                                          | Action
White Paper         | 7 Signs It's Time To Automate Vulnerability and Security Management  | Download »
White Paper         | Real-Time Systems Management with BigFix Enterprise Suite            | Download »
Evaluation Software | BigFix Evaluation Software                                           | Request »

 

BigFix Enterprise Suite provides a real-time view of all computers in an enterprise, and their compliance or non-compliance with specific configuration and security policies.

BigFix Enterprise Suite Web-based reporting delivers up-to-the-minute compliance and remediation status updates.

Related Solution Areas
Network Access Control and Quarantine »
Assess, quarantine and automatically apply patches and remediate other security issues on non-compliant endpoints before they compromise network security.

 

 

 

Copyright © 2005 BigFix, Inc. All rights reserved.