FISMA News

Configuresoft Expands Security and Compliance Coverage to Include CIS VMware ESX 3.x Server Benchmark

(Aprl 09, 2008)-- Configuresoft announced that it has enhanced its continuous compliance and security capabilities for VMware environments with support for the Center for Internet Security (CIS) VMware ESX Server Benchmark. Support for this Benchmark enables IT Operations to easily measure compliance with best practices for hardening virtual environments from a broad consensus of industry experts.

Last year, at a birds-of-a-feather session at RSA, CIS and Configuresoft developed a benchmark working group and with input from more than 200 virtualization and security experts from the commercial market, federal organizations, manufacturers and the software industry created the industry's first virtual machine security benchmark. CIS benchmarks and guidelines are unique in the industry in that they are created via broad consensus. This benchmark extends and enhances the hardening guidelines offered by the manufacturers by consolidating the expert opinion of the world's leading security professionals.

Configuresoft's Enterprise Configuration Manager (ECM) for Virtualization extends the IT organizations ability to visualize and manage virtual environments providing end-to-end, at-a-glance visibility across VMware environments. With Configuresoft's Enterprise Configuration Manager (ECM) for Virtualization and the CIS ESX Server Benchmark template, IT organizations can automatically measure and manage compliance across the VMware environment including hardening guidelines for installation, network security settings, logging, file permissions, user accounts and many other issues resulting from the rapid adoption of virtualization in today's datacenter.

"Virtualization offers IT departments opportunities to reduce cost and increase agility; however, if this is done without implementing best practices for security and compliance, the resultant security incidents will increase costs and reduce agility," said Neil MacDonald, vice president and Gartner fellow. "Existing tools and technologies may not work correctly in a virtualized environment, leading to limited visibility and a false sense of security. Organizations must ensure their established security and management processes embrace the virtual world."

Configuresoft's Center for Policy and Compliance (CP&C) has led the industry in forming opinion and bringing together published security and compliance information to build a rich library of compliance toolkits that are available for download by Configuresoft customers from www.configuresoft.com. These CP&C Compliance Toolkits include:

-- VMware Infrastructure 3 Security Hardening Guidelines and
VMware Virtual Center Best Practices

-- FISMA Compliance Toolkit for Virtual Computing

-- GLBA Compliance Toolkit for Virtual Computing

-- HIPAA Compliance Toolkit for Virtual Computing

-- Sarbanes-Oxley (404) Compliance Toolkit for Virtual Computing

-- DISA STIG Compliance Toolkit for Virtual Computing

Configuresoft's Configuration Intelligence for Virtualization addresses the increased complexities virtualization presents by centralizing and automating the monitoring, managing and auditing of physical (host) and virtual (guest) assets across an organization's infrastructure. Further it delivers unparalleled visibility, security and control, enabling IT organizations to meet the demands of virtualized environments.

Share or bookmarklet this web page at: