Customer Quote

"Configuresoft not only enables a greater degree of efficiency in our IT organization, but with CP&C toolkits, we can have confidence that our systems are continuously secure and compliant."

- Chris Burroughs, Vice President, Mondial Assistance

Center for Policy & Compliance

Turning Abstract Mandates and Best Practices into Sustainable Compliance Processes

With the weekly stream of security bulletins, newly disclosed vulnerabilities and changes to regulatory mandates, organizations have two choices: become security experts themselves, or leverage industry experts to implement effective compliance solutions. The Center for Policy & Compliance (CP&C) was established to relieve IT organizations of the need to become security experts, so that they can focus their attention on their business.

The CP&C conducts much of the same research and analysis that is required within any IT organization. They sift through the overabundance of security and compliance information and develop and maintain best practices that are incorporated into our ECM product.

CP&C In Action

CP&C experts participate in a wide variety of activities, including sitting on industry standards boards, authoring trade journal articles, conducting compliance training, speaking at industry conferences and symposiums, and engaging in customer compliance implementation consultations.

Industry standards group memberships: Secure IT, NIST, Mitre, AFCEA
Industry auditing and security group memberships: ISC2, ISSA, SANS, ISACA, ITCi, CIS
Software industry association memberships: ITAA, Microsoft Gold Partner

Compliance Toolkits

Configuresoft's Center for Policy & Compliance (CP&C) regularly researches and delivers productized security, regulatory, and operational compliance knowledge via Compliance Toolkits. Each toolkit consists of a set of rule-based templates, reports and dashboards which easily plug into ECM to ensure security and operational compliance within a focused area.

Freely available to our customers, CP&C compliance toolkits can be downloaded from our secure customer portal.

CP&C Compliance toolkits include:

PCI DSS

Comprehensive series of automated checks and controls that correlate and map to the security hardening requirements of the PCI Data Security Standard, the standard backed by VISA, Mastercard, American Express, Diners Club, Discover and JCB. This granular approach covers access control, audit control and automated access change monitoring, supporting an organization's ability to consistently meet the PCI DSS requirements.

SOX

Comprehensive series of automated checks and controls that correlate and map to the COSO/COBIT framework, supported by best practices as defined by NIST. This granular approach covers access control, audit control and automated access change monitoring, supporting an organization's ability to consistently meet SOX requirements.

HIPAA

Comprehensive series of automated checks and controls that correlate and map to the requirements of the U.S. Department of Health and Human Services (HHS), along with best practices as defined by NIST. This granular approach covers access control, audit control and automated access change monitoring, supporting an organization's ability to consistently meet HIPAA requirements.

GLBA

Comprehensive series of automated checks and controls that correlate and map to the technical controls required by the Gramm-Leach-Bliley Act. This granular approach covers access control, audit control and automated access change monitoring, supporting an organization's ability to consistently meet GLBA requirements.

NERC/FERC (North American Electric Reliability Corporation / Federal Energy Regulatory Commission)

Comprehensive series of automated checks and controls that addresses a number of requirements within the eight NERC CIP standards. This package includes controls specific to file- and system-level access control, security management and asset discovery, audit control and automated access change monitoring, so that an organization's automated NERC/FERC compliance strategy consistently meets the standard.

ISO 17799/27001

The compliance template gives organizations the ability to quickly assess the security configuration of Windows NT4, 2000, 2003, XP and Vista systems against ISO-recommended best practices. The template translates the ISO 17799/27001 guidelines into actionable, continuous compliance rules to ensure that your actual enterprise security configuration settings correspond with the recommended hardening guidelines.

FISMA Compliance Toolkit for Windows, UNIX/Linux and Virtual Computing

Comprehensive series of automated checks and controls that correlate and map to industry best practices, along with the security controls defined in NIST SP 800-53. This granular approach covers access control, audit control and automated access change monitoring, supporting an organization's ability to consistently meet FISMA requirements.

DISA Compliance Toolkit for Windows, UNIX/Linux and Virtual Computing

The DISA Security Technical Implementation Guide (STIG) template is a comprehensive series of automated checks and controls for security hardening as developed by DISA and the NSA and endorsed and published by NIST. This granular approach covers access control, audit control and automated access change monitoring, supporting an organization's ability to consistently meet the STIG requirements.

Energy Savings Toolkit

The Green IT Assessment Toolkit is a package of reports that provides visibility into the specific system attributes and settings organizations can use to measure power consumption. It also includes compliance templates to enforce power settings: enabling monitor power-off, powering down computers after shutdown, and removing the Power Options icon from the Control Panel to limit users' ability to alter power settings. The package includes reports for processor utilization and server class identification; the server class report uses IDC definitions to classify systems as high-end, mid-range and volume servers, since larger servers consume more power than lower-end volume servers.

FDCC Compliance Toolkit for Windows

The Federal Desktop Core Configuration (FDCC) template is a comprehensive series of automated checks and controls for Windows XP and Windows Vista desktop systems that directly aligns with the FDCC mandate defined by the Office of Management and Budget (OMB). This granular approach covers access control, audit control and automated access change monitoring, supporting an organization's ability to consistently meet FDCC requirements.

CIS Benchmarks for Windows

Comprehensive sets of automated checks and controls that address a number of distinct Windows technical security settings for Windows 2000 (Professional and Server), XP, and 2003 Server platforms. The CIS Windows Toolkits are designed to provide Configuresoft customers with the ability to quickly assess the security configuration of Windows systems against CIS best practices by translating the guidelines into actionable, continuous compliance rules. These rules allow you to ensure that your actual enterprise security configuration settings correspond with the recommended hardening values.
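To show concretely what a rule-based compliance template does when it compares collected settings against recommended hardening values, and what the automated access change monitoring the toolkits above describe amounts to, here is an added example in Python. It is not ECM's template format or Configuresoft's code: the rule identifiers, setting names, thresholds and the two host snapshots are constructed for illustration and modelled loosely on Windows password, lockout, audit, service and local-group settings; a real toolkit takes its values from the CIS, ISO or STIG guideline it implements.

```python
"""Illustrative continuous-compliance rule evaluator (added example).

Not ECM's template format. Rule ids, setting names, thresholds and the
snapshots below are constructed to resemble Windows hardening settings and
are not taken from any CIS, ISO or STIG document.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Rule:
    rule_id: str    # constructed identifier used in the report
    setting: str    # key as reported by the configuration collector
    op: str         # comparison operator name, see OPS
    expected: Any   # recommended hardening value(s)
    control: str    # plain-language pointer to the guideline being enforced


def _between(actual: Any, bounds: Tuple[int, int]) -> bool:
    return actual is not None and bounds[0] <= actual <= bounds[1]


# Every operator treats a missing value (None) as non-compliant, so a host on
# which the collector found nothing for a setting does not silently pass.
OPS: Dict[str, Callable[[Any, Any], bool]] = {
    "eq": lambda a, e: a == e,
    "min": lambda a, e: a is not None and a >= e,
    "between": _between,
    "in": lambda a, e: a in e,
    "subset_of": lambda a, e: a is not None and set(a) <= set(e),
}

RULES: List[Rule] = [
    Rule("PWD-LEN", "MinimumPasswordLength", "min", 14, "password policy: minimum length"),
    Rule("PWD-CPLX", "PasswordComplexity", "eq", 1, "password policy: complexity required"),
    # A lockout threshold of 0 means "never lock out", so a plain upper bound
    # would wrongly pass the weakest setting; require the value to sit in 1..10.
    Rule("LCK-THR", "LockoutThreshold", "between", (1, 10), "account lockout: threshold"),
    Rule("AUD-LOGON", "AuditLogonEvents", "in", {"Success and Failure"}, "audit policy: logon events"),
    Rule("SVC-TELNET", "TelnetService", "eq", "Disabled", "services: Telnet disabled"),
    Rule("ADM-MEMBERS", "LocalAdministrators", "subset_of",
         {"Administrator", "DOMAIN\\ServerAdmins"}, "access control: approved local admins only"),
]


def evaluate(rules: Iterable[Rule], snapshot: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Compare each rule's expected value with the setting the collector reported."""
    findings = []
    for r in rules:
        actual = snapshot.get(r.setting)
        passed = OPS[r.op](actual, r.expected)
        findings.append({"rule": r.rule_id, "control": r.control, "setting": r.setting,
                         "expected": r.expected, "actual": actual,
                         "status": "PASS" if passed else "FAIL"})
    return findings


def compliance_summary(findings: List[Dict[str, Any]]) -> Dict[str, Any]:
    failed = [f["rule"] for f in findings if f["status"] == "FAIL"]
    return {"checked": len(findings), "failed": failed, "compliant": not failed}


def _norm(value: Any) -> Any:
    # Group membership is order-independent, so compare collections as sets.
    return frozenset(value) if isinstance(value, (list, set, tuple)) else value


def access_changes(previous: Dict[str, Any], current: Dict[str, Any],
                   watched: Iterable[str]) -> List[Dict[str, Any]]:
    """Report drift in watched settings between two collections from the same host."""
    return [{"setting": k, "before": previous.get(k), "after": current.get(k)}
            for k in watched if _norm(previous.get(k)) != _norm(current.get(k))]


# Constructed snapshots standing in for two collections from one Windows host.
BASELINE = {
    "MinimumPasswordLength": 14, "PasswordComplexity": 1, "LockoutThreshold": 5,
    "AuditLogonEvents": "Success and Failure", "TelnetService": "Disabled",
    "LocalAdministrators": ["Administrator", "DOMAIN\\ServerAdmins"],
}
DRIFTED = {  # weaker password policy, lockout disabled, Telnet not reported, extra admin
    "MinimumPasswordLength": 8, "PasswordComplexity": 1, "LockoutThreshold": 0,
    "AuditLogonEvents": "Success and Failure",
    "LocalAdministrators": ["Administrator", "DOMAIN\\ServerAdmins", "helpdesk"],
}

if __name__ == "__main__":
    for name, snap in (("baseline", BASELINE), ("drifted", DRIFTED)):
        print(name, compliance_summary(evaluate(RULES, snap)))
    for change in access_changes(BASELINE, DRIFTED, ["LocalAdministrators", "TelnetService"]):
        print("CHANGE", change)
```

Two details matter in practice: a missing value is treated as a failure rather than a pass, so a host the collector could not fully inventory is never reported as compliant, and the lockout check uses a bounded range because a threshold of 0 disables lockout entirely and would sail through a simple "at most 10" comparison.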

CIS VMware ESX Server Benchmark

The CIS VMware ESX Server Benchmark Hardening Toolkit is a compilation of security configuration actions and settings that can be used to lock down, or "harden" VMware ESX Server systems in accordance with the CIS VMware ESX Server Benchmark v1.0, released October 18, 2007. This comprehensive series of controls addresses file permissions, user accounts, kernel settings, and a number of other specific ESX attributes that can be secured as part of an overall security and compliance strategy in virtual server environments.

Microsoft Hardening Guidelines

Compliance template provides organizations with the ability to quickly assess the security configuration of Windows 2000, 2003, XP and Vista systems against Microsoft recommended best practices. The template translates the Microsoft Windows Security and Hardening Guide into actionable, continuous compliance rules to ensure your actual enterprise security configuration settings correspond with the recommended hardening guidelines.

VMware Hardening Guidelines

Comprehensive series of automated checks and controls that correlate and map to the VMware Infrastructure 3 Security Hardening Guide. The template allows organizations to evaluate access controls, file permissions, networking components, and audit and security policy controls, and to perform automated access change monitoring for virtual machines, the VMware Service Console, ESX Server hosts and VirtualCenter components.