Achieving Configuration Compliance in a Regulatory Framework

Technical Paper
www.securecomputing.com
Achieving configuration compliance in a regulatory framework - SecureWire IAM appliance delivers comprehensive assistance®Secure Computing has been solving the most difficult network and application security challenges for over 20 years. We help our customers create trusted environments both inside and outside their organizations. Table of contentsIntroduction..........................................................................................................................2Risk of identity theft...............................................................................................................2Regulatory compliance..........................................................................................................3Identity and Access Management (IAM) and why it's an important component for compliance..............................................................................3What is the role of configuration compliance?.......................................................................4Building a compliance framework..........................................................................................5Achieving configuration compliance with SafeWord SecureWire............................................5Conclusion............................................................................................................................6
Secure Computing CorporationCorporate Headquarters4810 Harwood RoadSan Jose, CA 95124 USATel +1.800.379.4944Tel +1.408.979.6100Fax +1.408.979.6501European Headquarters1, The ArenaDownshire WayBracknellBerkshire, RG12 1PU UKTel +44.0.870.460.4766Fax +44.0.870.460.4767Asia/Pac Headquarters1604-5 MLC Tower248 Queen's East RoadWan Chai Hong KongTel +852.2520.2422Fax +852.2587.1333Japan HeadquartersLevel 15 JT Bldg.2-2-1 Toranomon Minato-KuTokyo 105-0001 JapanTel +81.3.5114.8224Fax +81.3.5114.8226For a complete listing of all our global offices, see www.securecomputing.com/goto/globaloffices© June 2006 Secure Computing Corporation. All Rights Reserved. SWire-Config-WP0Jun06vF. Bess, enterprise strong, G2 Firewall, MobilePass, PremierAccess, SafeWord, Secure Computing, SecureOS, SecureSupport, Sidewinder G2, Sidewinder, SmartFilter, SofToken, Strikeback, Type Enforcement, CyberGuard, and Webwasher are trademarks of Secure Computing Corporation, registered in the U.S. Patent and Trademark Office and in other countries. Application Defenses, G2 Enterprise Manager, On-Box, Power-It-On!, RemoteAccess, SecureWire, Securing connections between people, applications, and networks, Sentian, SmartReporter, ZAP, Anti-Virus Multi-Scan, Anti-Virus, PreScan, Live Reporting, MethodMix, and SnapGear are trademarks of Secure Computing Corporation. All other trademarks used herein belong to their respective owners.Introduction To ensure proper compliance with both internal policies and external mandates, organizations must:Companies have devoted significant time and resources to achieve compliance with many pieces o Establish a security policy that encompasses all of legislation, such as HIPAA, Sarbanes-Oxley, and endpoints, and enforce that policy.Gramm-Leach-Bliley. An important element of o Ensure that every endpoint, whether it is an compliance with specific regulations is achieving a www.securecomputing.com internal device, home connection, or a connection compliance framework internally. Compliance with from a client or partner, is also governed by the external mandates can be more easily met by first same security policy.ensuring that the network is compliant with the o Get a clear understanding of which computers internal security policies upon which the legislative and devices have deviated from the approved compliance framework is built. configuration policy, and have a mechanism in Good security is both reactive and proactive, but place to bring those devices back into compliance.many security solutions lack the integration of o Impose authentication and authorization controls these two components. One of the most important over all connections.proactive elements of security is configuration compliance, an emerging field that automates the process of ensuring that every device, system, and Risk of identity theftpipeline in the network adheres to corporate security Achieving and maintaining the trust of the consuming policies, is up to date, and configured appropriately. publi... [download for more]