Report: Symantec Solutions for Federal Government: CyberScope



Similar documents
How To Monitor Your Entire It Environment

Optimizing the Data Center for Today s Federal Government

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

White Paper: Consensus Audit Guidelines and Symantec RAS

The Impact of HIPAA and HITECH

Symantec Control Compliance Suite. Overview

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Optimizing the Data Center for Today s State & Local Government

Leveraging a Maturity Model to Achieve Proactive Compliance

Self-Service SOX Auditing With S3 Control

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Total Protection for Compliance: Unified IT Policy Auditing

8 Key Requirements of an IT Governance, Risk and Compliance Solution

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

Continuous Monitoring in a Risk Management Framework. US Census Bureau Oct 2012

Symantec Control Compliance Suite Standards Manager

IBM Tivoli Endpoint Manager for Security and Compliance

BMC Client Management - SCAP Implementation Statement. Version 12.0

IBM Tivoli Endpoint Manager for Security and Compliance

Security Compliance and Data Governance: Dual problems, single solution CON8015

FY14 Q2 Chief Information Officer Federal Information Security Management Act Reporting Metrics v1.0

Cyber Governance Preparing for the Inevitable Perimeter Breach

Symantec Residency and Managed Services

NetIQ FISMA Compliance & Risk Management Solutions

Frequently Asked Questions. Frequently Asked Questions: Prioritizing Trust: Certificate Authority Security Best Practices

Reaching New Heights: Providing Consistent and Sustainable High Performance at the State Level

Securing Your Software for the Mobile Application Market

FISMA Compliance: Making the Grade

Leveraging security from the cloud

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

VA Office of Inspector General

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

2014 Audit of the Board s Information Security Program

Endpoint Security for DeltaV Systems

NARA s Information Security Program. OIG Audit Report No October 27, 2014

Simply Sophisticated. Information Security and Compliance

Audit of the Board s Information Security Program

Payment Card Industry Data Security Standard

Complying with the Federal Information Security Management Act. Parallels with Sarbanes-Oxley Compliance

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Federal Desktop Core Configuration (FDCC)

Supporting FISMA and NIST SP with Secure Managed File Transfer

Altiris Server Management Suite 7.1 from Symantec

Addressing FISMA Assessment Requirements

HiSoftware Policy Sheriff. SP HiSoftware Security Sheriff SP. Content-aware. Compliance and Security Solutions for. Microsoft SharePoint

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA

Health Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper

Cybersecurity in the States 2012: Priorities, Issues and Trends

Continuous Diagnostics & Mitigation:

Security Control Standard

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Active Network Defense: Real time Network Situational Awareness and a Single Source of Integrated, Comprehensive Network Knowledge

Review: McAfee Vulnerability Manager

FEDERAL INFORMATION SECURITY. Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness

CA Vulnerability Manager r8.3

IBM Tivoli Netcool network management solutions for enterprise

Solving the Security Puzzle

Security Information and Event Management

How To Buy Nitro Security

Enterprise Security Governance, Risk and Compliance System. Category: Enterprise IT Management Initiatives. Initiation date: June 15, 2013

Solving the CIO s Challenge For More Efficient and Resilient Business Technology Supply Chain Management

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment Adaptive Network Security...

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

How To Use A Policy Auditor (Macafee) To Check For Security Issues

Taking the Leap to Virtualization

2015 List of Major Management Challenges for the CFPB

Qualys PC/SCAP Auditor

VA Office of Inspector General

QRadar SIEM 6.3 Datasheet

Symantec Security Program Assessment

Datacenter Management and Virtualization. Microsoft Corporation

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education

CA Automation Suite for Data Centers

Access is power. Access management may be an untapped element in a hospital s cybersecurity plan. January kpmg.com

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

Managed Security Services D e l i vering real-time protection to help organizations st r e n g t h e n their security posture in the face of today s

The Emergence of Security Business Intelligence: Risk

An Enterprise Continuous Monitoring Technical Reference Architecture

Altiris Asset Management Suite 7.1 from Symantec

10 Steps to Establishing an Effective Retention Policy

Strengthen security with intelligent identity and access management

Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy

Technology Blueprint. Assess Your Vulnerabilities. Maintain a continuous understanding of assets and manage vulnerabilities in real time

Real-Time Security for Active Directory

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

Asset Discovery with Symantec Control Compliance Suite

CA Service Desk Manager

Department of Veterans Affairs VA Directive 6004 CONFIGURATION, CHANGE, AND RELEASE MANAGEMENT PROGRAMS

McAfee Security Architectures for the Public Sector

SOLUTION BRIEF: CA IT ASSET MANAGER. How can I reduce IT asset costs to address my organization s budget pressures?

Transcription:

CyberScope and Tighter Cybersecurity y Reporting Requirements: Are You Ready?

Report: Symantec Solutions for Federal Government: CyberScope CyberScope and Tighter Cybersecurity y Reporting Requirements: Are You Ready? Contents Introduction............................................................................................ 1 FISMA Requirements and Challenges for Agencies and Departments.......................................... 1 Best Practices to Support CyberScope and FISMA........................................................... 2 How Symantec Can Help.................................................................................. 2 Summary............................................................................................... 3

CyberScope and Tighter Cybersecurity Reporting Requirements: Are You Ready? Introduction Federal Information Security Management Act (FISMA) standards designed to enhance the information security posture of agencies and departments have a significant impact on the methods and frequency of monitoring and reporting securityrelated information. According to a memorandum from the Office of Management and Budget (OMB) dated April 21, 2010, Agencies need to be able to continuously monitor security-related information across the enterprise in a manageable and actionable way. Chief Information Officers (CIOs), Chief Information Security Officers (CISOs) and other agency management all need to have different levels of this information presented to them in ways that enable timely decision making. To do this, agencies need to automate security related activities, to the extent possible, and acquire tools that correlate and analyze security-related information. Agencies need to develop automated risk management models and apply them to the vulnerabilities and threats identified by security management tools. A key component of these standards, CyberScope, is an interactive information collection tool designed to help agencies fulfill their IT security reporting requirements. In testimony presented to the Senate Homeland Security and Governmental Affairs Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, Federal CIO Vivek Kundra stated, CyberScope s extensive platform is the performance-based solution to years of inefficient and unsecured collection of agency security data. With FISMA reporting through CyberScope which began November 15, 2010 and compliance with monthly reporting commencing on January 1, 2011, agencies must act quickly. Can their current methods of monitoring and reporting support these FISMA requirements and allow them to leverage the CyberScope tool? If not, what process and tools should they consider incorporating in their security management programs? FISMA Requirements and Challenges for Agencies and Departments Currently, to comply with existing FISMA standards most federal agencies email and submit hardcopies of individual spreadsheets compiled manually and with a breadth of disparate tools. The process is time consuming, labor intensive, unsecure, and like all manual processes it is subjective & subject to human error. Although the process satisfied previous requirements it was neither qualitative, continuous nor automated and therefore unable to support new guidelines. In addition, security and compliance teams often lack real-time, comprehensive visibility into networks, assets, and the configurations for the enterprises they secure. Legacy tool-sets lack integration and standards capabilities such as support for the National Institute of Standards and Technology (NIST) Security Content Automation Protocol (SCAP) for continuous monitoring and information sharing per the most recent FISMA and OMB memorandum. The resulting information remained in silos and reporting challenges increase the risk of unknown security gaps such as rogue networks and devices and unauthorized software. Further, the ability to provide meaningful analysis and insight useful in determining the security posture of the federal government overall is severely hampered. In order to meet the rigors of these FISMA mandates and leverage the CyberScope Web portal, agencies and departments need to instrument best practices and solutions to: Increase productivity through automation. 1

CyberScope and Tighter Cybersecurity Reporting Requirements: Are You Ready? Integrate and orchestrate information security activities for infrastructure security visibility and compliance. Adopt regulatory or risk management frameworks with SCAP-validated tools that support NIST standards. Simplify operational and reporting activities for enterprise IT Risk Management from the operator to the CISO. Best Practices to Support CyberScope and FISMA New best practices and solutions will allow agencies to shift millions of dollars now spent producing reports to acquiring automated systems and processes that will meet tighter security mandates and ultimately reduce the cost of FISMA compliance. In order to streamline support for FISMA and facilitate the use of the CyberScope portal these new systems and processes must be designed to support the Four A s: Automated - Move from manual and proprietary integrations to an automated system based on leveraging standards, for example SCAP-based metadata exchanges with CVE, CCE, CPE & CVSS. Accurate - Ensure accuracy based upon discovery and SCAP-based audit. Asset-centric - Built on an asset-centric data model to support robust reporting and compliance support as a by-product of security. Audit - Audit networks, end points, and operating systems for violations against internal policies, the US Government Configuration Baseline and Security Technical Implementation Guides (STIGS) to identify vulnerabilities, configuration problems, etc. How Symantec Can Help Symantec Risk Automation Suite is ideally suited to meet these FISMA mandates and leverage the CyberScope tool. As the leading fully SCAP-validated enterprise class risk management solution, Symantec Risk Automation Suite helps agencies improve business processes and enhance enterprise visibility by automatically measuring IT and security compliance within hours of installation. It does this by using and sharing specific SCAP standards to enable continuous, high-speed, discovery for driving vulnerability management, measurement, remediation, and policy compliance evaluation across all existing assets and infrastructure solutions. Symantec Risk Automation Suite also streamlines the traditionally complex and manual processes of risk management and compliance, putting the IT risk and security information at the fingertips of those who require it from the security administrator to the CISO. Because the solution is fully integrated with existing third-party and Symantec solutions, agencies can benefit from SCAP-based integrations and data sharing while improving their overall return on investment in existing infrastructure tools. Specific capabilities that provide out-of-the box support for the CyberScope portal include: Real-time Threat Analysis Asset Discovery Vulnerability Management Closed-loop Remediation Automation Configuration Management CyberScope Compliance Reporting - with full support for Lightweight Asset Summary Reporting (LASR) 2

CyberScope and Tighter Cybersecurity Reporting Requirements: Are You Ready? By taking an integrated and automated approach to IT risk and compliance management, Symantec Risk Automation Suite shortens windows of vulnerability, supports continuous compliance reporting, and reduces the cost of compliance and the complexities of enterprise risk management. Summary Symantec has been at the forefront of guiding SCAP standards, and the Symantec Risk Automation Suite was one of the first SCAP NIST approved tools in the marketplace With SCAP-validated methodology and standards, public sector agencies gain unprecedented visibility into and control over their IT environment. Users can quickly measure, remediate threats and risks, and continuously verify compliance with these FISMA requirements as well as an array of other standards. With more than a decade of work with federal agencies, Symantec has developed a deep understanding of the unique challenges government agencies face and how to address these challenges. 3

About Symantec Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. http://go.symantec.com/ federalgovernment Symantec US Public Sector Headquarters 2350 Corporate Park Drive Suite 300 Herndon, VA 20171 +1 (703) 885 3563 Symantec helps organizations secure and manage their information-driven world with high availability, business continuity software, compliance risk management, and disaster recovery solutions. Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 2/2011 21177625

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information