Configuration Management and Documentation to Meet Federal IT Compliance Mandates

By : Ecora Software
Published : Jul 05, 2006
Length : 17
Type : White Paper
 
Overview :
Understand why FISMA is heating up, what's the impact on Agency IT departments, what role configuration reporting plays, how the right documentation can build a strong audit trail, and how automation fast tracks your compliance plan.
Related Categories : Compliance, Configuration Management


IT managers want easy-to-install, easy-to-use management software that fits within their budget and delivers immediate value right out of the box. That’s the Ecora promise.

Ecora Auditor Professional is a powerful configuration and change reporting solution that collects over a million asset, security, and configuration settings from nearly every operating system, database management system, application, and network device found in an IT infrastructure. The configuration settings are stored in a centralized Configuration Management Database (CMDB) for on-demand, accurate auditing, reporting and change control. Ecora Auditor Professional eliminates the resource-intensive, error-prone manual process of managing enterprise-wide configurations and simplifies ongoing compliance with IT security standards and regulations.

Ecora Auditor Professional includes a web-accessible executive dashboard providing at-a-glance validation of compliance with established IT controls, security policies, and configuration standards. The dashboard evaluates configuration information from the CMDB to generate an easy-to-understand pie graph displaying compliant and non-compliant systems as either green (compliant) or red (non-compliant). This enables IT managers to quickly identify non-compliant systems and direct the appropriate personnel to remediate any non-compliant configurations. Dozens of out-of-the-box report and policy templates are included for Sarbanes-Oxley, HIPAA, GLBA, 21 CFR Part 11, VISA PCI, FISMA, and NIST IT requirements. You can also create your own reports and policies or customize existing ones.

The Ecora Auditor Professional family also includes:
Ecora Auditor Lite - A free application that collects and reports on hundreds of configuration settings from nearly every system and device in the IT infrastructure. The audit-ready documentation is generated on demand, and archived reports provide an easily accessible audit trail for effective disaster recovery, IT audits, troubleshooting, and consolidations.
Ecora Auditor Basic - An upgrade from Auditor Lite that provides additional functionality by offering dozens of ready-made fact-finding report templates for quick, simplified analysis of critical configuration data such as access rights, NTFS permissions, and password settings.
The Auditor product family supports VMware ESX servers; Microsoft Windows and Exchange servers, SQL Server databases, Active Directory, and workstations; HP-UX, AIX, Solaris, RedHat Linux, and Novell NetWare servers; Oracle databases, Citrix and IIS applications; Lotus Domino servers; and Cisco routers.

Managing any aspect of the Federal Government is complex. Perhaps no part of running the country is as complex as the IT infrastructure. Today – just like their counterparts in commercial business – Agencies rely totally on IT.

The IT infrastructure is an agency's most valuable asset, processing the bulk of governmental business transactions and storing confidential information on all areas of the government, including financial data, human resource records, and email, to name a few. Today most of this information is accessible online. And it's all vulnerable. It must be protected constantly and thoroughly without interrupting business.

As an essential – some would say “the” essential – ingredient for smooth government functioning, IT has been subject to increased regulation and oversight. The elevated security awareness post 9/11 simply adds another level of urgency to tighten up controls and get every agency working to meet higher standards.

In 2002 President Bush signed into law the Electronic Government Act. Title III of the act is the Federal Information Security Management Act or FISMA – see: http://csrc.nist.gov/policies/FISMA-final.pdf

FISMA made permanent much of the security framework contained in the Government Information Security Reform Act of 2000 (GISRA), which expired in November 2002. FISMA requirements are permanent and broader.

FISMA goes beyond GISRA and other legislation on key issues such as accountability and annual testing and evaluation of security controls. It also mandates broader distribution of annual reports.

It requires each federal agency to develop, document, and implement an agency-wide information security program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or source.

The purpose of FISMA:
1. Provide a framework to ensure effectiveness of information security controls of information resources supporting Federal operations
