SYMANTEC has announced the Symantec Control Compliance Suite, an upgrade to the bv-Control portfolio of products that helps customers reduce the cost and complexity of IT policy compliance through automated assessment of policies against industry regulations, standards and best practices.
The new data gathering functions, such as agentless reporting and database discovery, offer a comprehensive solution for IT control compliance reporting across disparate platforms, providing a cost-effective method for managing global IT risks.
More than 4,000 customers worldwide currently have Symantec Control Compliance Suite components installed, relying on these automated tools to efficiently govern their IT compliance posture by detecting drift from secure baselines, identifying accounts with blank passwords, and notifying the organisation when administrative accounts receive new members.
Customers are offered auditing capabilities with hundreds of ready-to-run reports using easy customisation options and flexible audit creation in each environment to improve internal and external audits. IT administrators are able to be proactive in the most resource-constrained environments by automating tasks enterprise-wide.
This automated functionality helps to streamline compliance with such regulations as Sarbanes-Oxley, FISMA or HIPAA, while dramatically reducing the costs of doing regular audits.
Tracking compliance to IT controls related to important regulations and frameworks, Symantec Control Compliance Suite provides an efficient means to assess compliance to control systems based on custom mappings between technical standards and frameworks and regulations.
It supplies regulatory content for Sarbanes-Oxley, FISMA, HIPAA, GLBA, Basel II, and framework content for ISO 17799, COBIT, and NIST SP800-53.
The Suite allows customers to produce "Evidence of Review" reporting to facilitate management review of access controls as mandated by Sarbanes-Oxley and other regulations to prove that privilege grants conform to access needs. This is supplied through granular, detailed entitlement reports that show who has access to specific information, what each individual has access to, and who the business owner is for the data.
Customers are offered powerful closed-loop identification and resolution to find and eliminate security vulnerabilties. Detailed remediation instructions are provided to correct deviations and integrate with existing change control ticketing systems, such as Remedy and HP Service Desk, to ensure that changes are made only after appropriate authorisation and with proper oversight.
In addition, IT administrators can establish baseline configurations for all major operating systems by creating a custom technical standard or building a reference template from pre-existing internal standards.
Technical standards can be exported for archive and business continuity purposes.
Technical Standard Packs are available for the following operating systems and applications: Windows, UNIX, Linux, NetWare, SQL Server, Oracle, and Exchange.
Symantec Control Compliance Suite 8.2 includes agentless UNIX reporting, Oracle patch assessment and database discovery, and reporting and database activity auditing on SQL Server 2005.
In addition, customers are provided support for mobile devices connecting to Microsoft Exchange servers. It also integrates with Symantec BindView Policy Manager to provide proof of security configuration compliance with broader corporate policy.