FISMA News

HIPAA Compliant Cloakware Server Password Manager 3.2 Released

(July 30, 2007)-- Cloakwar, the security solutions provider that makes security inseparable from software, announced the immediate availability of Cloakware Server Password Manager (CSPM) 3.2, the first commercial solution to automatically and securely manage both privileged and application-to-application (A2A) passwords in the data center. This enables enterprises to increase the security of critical data and complete their identity management and compliance programs. CSPM 3.2 scales to meet the needs of even the largest companies in the most regulated markets.

CSPM is the first commercially-supported product to provide comprehensive management of both the passwords that connect administrators to critical network infrastructure and passwords that connect applications to other applications. Enterprises of all sizes have thousands of unattended privileged
and A2A passwords that are changed rarely, if ever. Organizations are now under pressure to comply with commercial and federal legislation (such as SOX, PCI, HIPAA, FISMA, etc.) that either implicitly or explicitly requires all passwords within an enterprise be managed and changed on a regular basis.

"We see a definite and growing need in the market for privileged and A2A password management," said Joe Oster, chief executive officer of Structured Technologies. "Securely managing, updating and changing these passwords can be an unwieldy and nearly impossible process to manage if done manually. By partnering with Cloakware to provide a secure, automated password management system, we are easing the heavy burden of compliance."

CSPM is a commercial off-the-shelf (COTS) solution that seamlessly integrates with existing configuration/change management systems and performs across current and legacy systems to streamline the password management process. CSPM 3.2 now supports multiple delivery methods and platforms as well as a broader set of credentials, allowing organizations to improve compliance, protect confidential data, decrease system downtime and lower operating costs across the enterprise.

 "CSPM is a proven solution because it can save companies millions of dollars by quickly and smoothly
integrating with the current data center to eliminate manual updates of A2A and privileged passwords - all while improving overall efficiency, security and compliance." said Jeff Waxman, chief executive officer at Cloakware

Enhancements in CSPM 3.2 build on current successful global deployments to further ease integration into the data center infrastructure, thus increasing the speed with which organizations may improve security and reach compliance mandates. New features in CSPM 3.2 include:

-- Improved Administrator Authentication Controls: New Administrator Authentication Connectors are preconfigured plug-ins that authenticate administrators using any of several methods. New methods supported out-of-the-box are Kerberos, Active Directory and X.509 certificates, in addition to the CSPM Internal, LDAP, and RSA SecureID methods supported previously. Source code is also provided for the development of new or custom connectors. Another enhancement is the ability to set an administrator's Groupings membership independently from the authentication method used.

-- Real-time Audit: The CSPM log system now supports real-time audit logging in external syslog format, as well as the previous report-based logging. Benefits of the new log system include the capability to monitor logs in real time and raise alerts when specified trigger conditions are met.

-- Support for Additional Platforms: The CSPM Client is now supported on HP PA-RISC2 hardware running HP-UX 11.11, and Intel-architecture platforms running Microsoft Windows XP (Home or Professional), in addition to previously supported platforms.

-- Support for New Installation-Defined Credentials: CSPM 3.2 can securely store, release and distribute credentials that contain arbitrary binary objects. This now includes certificates or symmetric encryption keys in addition to the traditional ID and password credentials.

Share or bookmarklet this web page at: