Understand why FISMA is heating up, what the impact is on agency IT departments, what role configuration reporting plays, how the right documentation can build a strong audit trail, and how automation fast-tracks your compliance plan.
IT Director's Reference Series
Configuration Management and Documentation to Meet Federal IT Compliance Mandates

In the Real World... IT managers want easy to install and easy to use management software that fits within their budget and delivers immediate value right out of the box. That's the Ecora promise.

Ecora Auditor Professional is a powerful configuration and change reporting solution that collects over a million asset, security, and configuration settings from nearly every operating system, database management system, application, and network device found in an IT infrastructure. The configuration settings are stored in a centralized Configuration Management Database (CMDB) for on-demand, accurate auditing, reporting and change control. Ecora Auditor Professional eliminates the resource-intensive, error-prone manual process of managing enterprise-wide configurations and simplifies ongoing compliance with IT security standards and regulations.

Ecora Auditor Professional includes a web-accessible executive dashboard providing at-a-glance validation of compliance to established IT controls, security policies, and configuration standards. The dashboard evaluates configuration information from the CMDB to generate an easy-to-understand pie graph displaying compliant and non-compliant systems as either green (compliant) or red (non-compliant). This enables IT managers to quickly identify non-compliant systems and direct the appropriate personnel to remediate any non-compliant configurations.

Dozens of out-of-the-box report and policy templates are included for Sarbanes-Oxley, HIPAA, GLBA, 21 CFR Part 11, VISA PCI, FISMA, and NIST IT requirements. You can also create your own reports and policies or customize existing ones.

The Ecora Auditor Professional family also includes:

Ecora Auditor Lite - A free application that collects and reports on hundreds of configuration settings from nearly every system and device in the IT infrastructure. The audit-ready documentation is generated on demand, and archived reports provide an easily accessible audit trail for effective disaster recovery, IT audits, troubleshooting, and consolidations.

Ecora Auditor Basic - An upgrade from Auditor Lite that provides additional functionality by offering dozens of ready-made fact-finding report templates for quick, simplified analysis of critical configuration data such as access rights, NTFS permissions, and password settings.

The Auditor product family supports VMware ESX servers; Microsoft Windows and Exchange servers, SQL Server databases, Active Directory, and workstations; HP-UX, AIX, Solaris, RedHat Linux, and Novell NetWare servers; Oracle databases, Citrix and IIS applications; Lotus Domino servers; and Cisco routers.

Ecora Software - Solutions for Managing IT in the Real World. For more information about Ecora Software: www.ecora.com or 1.877.923.2672
Configuration Management to Meet Federal IT Compliance
Property of Ecora Software

Index
CONFIGURATION MANAGEMENT AND DOCUMENTATION TO MEET FEDERAL IT COMPLIANCE MANDATES
  Introduction
    The purpose of FISMA
    Key features of FISMA
  NIST Takes Action
  Configuration Management and Documentation and NIST Guidelines
    Phase 1 - Initiation
    Phase 2 - Certification
    Phase 3 - Accreditation Phase