Configuresoft to Deliver "Drop & Deploy" IT Control Solution to Meet NIST Standards

Using Enterprise Configuration Manager Corporations Can Automate and Continuously Audit Policy-Based Configurations Against NIST Templates
COLORADO SPRINGS, CO -- 03/29/2005 -- Configuresoft, the recognized leader in highly scalable enterprise policy compliance, configuration management and security patch management technology, today announced the Enterprise Configuration Manager/NIST (ECM/NIST) IT Control Solution. Configuresoft’s Center for Policy & Compliance team members dissected the checklists for Windows NT, Windows 2000, Windows XP and Windows 2003 and created compliance rules to match the NIST standards. By using the power of ECM an organization can easily deal with what has traditionally been a difficult problem, hardening systems on an enterprise-wide basis without causing a disruption in productivity.

Configuresoft’s Center for Policy & Compliance Team (comprised of policy experts, former auditors and early contributors to the Federal mandates and standards), have prepared a comprehensive series of automated checks and controls and include access control, audit control and access change monitoring. By translating regulatory issues and best practices into measurable criteria, an organization’s automated strategy for NIST compliance will consistently meet the standard.

“Policy templates that automate the application of security best practices for network systems offer security managers a powerful tool for reducing network vulnerabilities,” said James L. Allen, manager, Security Professional Services, Verizon Federal Network Systems (FNS). “Empowering security managers with the visibility and assurance they require to achieve consistent, secure, and compliant system configuration is the rigorous approach our customers need to protect network assets while improving operational efficiencies.”

The National Institute of Standards and Technology (NIST) is a government-funded organization that develops and promotes measurement, standards and technology. Mandated by the Cyber Security Research and Development Act of 2002, NIST’s Computer Security Division, has created checklists of baseline configuration standards that can help increase the security of various operating systems. The checklists for technologies include network security: application security; desktop security; and specific server platform security. The checklists have been adopted as industry best practices especially in regards to compliance issues such as FISMA and other regulatory standards.

NIST SP 800-53 is one of a series of key NIST standards and guidelines to help federal agencies improve their security and comply with the Federal Information Security Management Act (FISMA) of 2002. Configuresoft also offers the ECM/FISMA IT Control Solution. This auditor-designed solution, based on the NIST SP 800-37 guidelines, helps agencies to monitor levels of consistency toward the FISMA compliance requirements.

Using Configuresoft’s ECM/NIST IT Control Solution a corporation can collect the most detailed configuration data from every Windows and Linux workstation and server on the network. It will store that information in a centralized SQL database for immediate access, analysis and reporting. Additionally, it will consolidate configuration data from an entire enterprise to a single view to maintain these standards and reduce the complexity of managing a heterogeneous IT infrastructure.

“Although a machine may be fully patched, an unprotected file share could provide an intruder access to sensitive data. So, patching is a necessary, but not sufficient, component of securing a system,” said Chris Farrow, director, Configuresoft’s Center for Policy & Compliance. “Organizations must lock down a system configuration to ensure that only applications that are needed are installed and running -- and that only approved people have access to a specific machine or resources. Organizations using ECM can easily identify systems that do not meet the NIST standards on an ongoing basis allowing administrators to easily keep track of systems and easily reconfigure those systems.”

About Enterprise Configuration Manager

Configuresoft’s flagship product, ECM, automates the management of configuration settings for Windows- and Linux-based servers and clients, and enforces security and IT standards. Going beyond patch management, ECM enforces security policies without human intervention by automatically resetting configurations to their pre-defined standard when they are inadvertently changed. Within the space of configuration management and policy remediation, ECM enables the most detailed monitoring available and automatically mitigates any deltas that were assessed -- ensuring “Dynamic Compliance Controls” throughout the Microsoft® Windows® environment. Designed by working auditors, Configuresoft’s policy templates will offer a comprehensive series of automated checks and controls to correlate with the COSO/CobiT Framework at a granular level.

About Configuresoft

Configuresoft is the recognized leader in highly scalable enterprise policy compliance, configuration management and security patch management technology, serving eight of the “Global 25” corporations. Based in Colorado Springs, Colorado, the company’s products offer large-scale computing environments the ability to collect and analyze the most detailed information available about system application settings, events and operational trends, to a centralized point of management and control. Configuresoft provides the tools to keep mission-critical systems properly configured, while ensuring compliance with stringent regulatory mandates, such as Sarbanes-Oxley, HIPAA, GLBA and FISMA, operational standards and evolving process methodologies. To contact Configuresoft, call 719.447.4600, visit us on the Web at www.configuresoft.com or write to info@configuresoft.com.

Contact Information

Davida Dinerman/Christina Guilbert

Media Contacts

Schwartz Communications

Contact via E-mail