SOX News

C5 Compliance Platform Validated by NIST Accredited Independent Lab

(Feb 04, 2008)-- C5 Compliance Platform as the industry’s first enterprise solution that has achieved the status of a NIST SCAP Validated Tool in their most stringent SCAP Validation Category – FDCC Scanning.
 was released by Secure Elements, pioneer in standards-based IT audit and compliance management.

The Office of Management and Budget (OMB) has mandated that all government agencies implement the FDCC for all Microsoft XP and Vista desktops and laptops by February 1, 2008. Agencies must utilize a SCAP Validated Tool, when available, to verify and then continuously monitor the desktop configurations for FDCC compliance.

The C5 Compliance Platform went through a detailed technical analysis to attest to its ability to process the SCAP data streams, evaluate the Federal Desktop Core Configuration with 100% accuracy, and generate required reports. The certification is timely in order to support the March 31, 2008 deadline for reporting FDCC compliance. The C5 Compliance Platform, purpose built on the SCAP standards and in use by agencies in support of the OMB initiative for the past year, is now the first SCAP Validated Tool. Agencies site several key product differentiators for their selection of our solution:

* Enterprise Ready – Scans remote and distributed desktops with a single appliance – audits hosts through firewalls with NAT (Network Address Translation) enabled and when connected by a VPN to the enterprise – and does NOT alter FDCC security settings
* Solution that goes above and beyond the FDCC – includes out-of-the-box support to adapt and author agency-specific SCAP benchmarks - without requiring an XML editor
* Support for Agency Policies - Share NIST and Agency benchmarks across disparate servers in the enterprise – and aggregate compliance results – with 360 degree analysis
* Enterprise Architecture - built upon a services oriented architecture with full support for WS-I based web services for interoperability with other technologies
* Support for Auditing the “Non-Automated” controls – provides a complete solution, and integrates TODAY with FISMA Reporting solutions such as CSAM and others

The next phase of the OMB mandate requires government agencies to submit their FDCC system audit result from their NIST SCAP Validated Tools to send to NIST for statistical analysis and review.

“The public-private partnerships developed between government and industry in bringing the SCAP Validated Tools and the FDCC initiatives together is evidence that progress is being made towards accountability in securing our infrastructure,” said Ned Miller, CEO of Secure Elements. “Industry and government must continue forward with initiatives addressing secure baselines for server technology, network infrastructure equipment and applications. We believe that SCAP based solutions are poised to evolve beyond security configuration compliance -- and will include other areas of systems and operational management -– such as compliance with energy efficient settings, and other regulatory initiatives such as HIPAA, SOX, PCI, and others.”

Share or bookmarklet this web page at: