I had the pleasure of speaking with Alex Tatistcheff, information security manager for Idaho Power, on Dec. 12 about his implementation and use of nCircle's CCM (Configuration Compliance Manager). Anyone interested in compliance management, especially for servers, would do well to take a look at the case study. There's also a review of nCircle's product and a slide show of CCM in action. There is also a related case study on the Denver International Airport's PCI compliance steps.
Idaho Power is primarily using nCircle for Sarbanes-Oxley Act compliance and Denver International's project was aimed squarely at PCI compliance. I'd like to circle back to both organizations in about a year to see if they've expanded the use of their auditing tools to other compliance projects. My guess is that they will. IP was talking about NERC (North American Electric Reliability Corporation) infrastructure protection regs for which it might use nCircle. Denver may never say what else is happening, since as an international airport it is pretty tight-lipped about security and compliance. But I'll ask anyway.