Configuresoft Aims to Ease Compliance

Configuresoft enhances its configuration tool in an effort to help ensure continuous compliance.

Configuresoft will add to the compliance drumbeat on April 10 when it launches the next major release of its Enterprise Configuration Manager software for managing desktop and server configurations.

ECM version 4.8, aimed at enterprises trying to get a handle on the policy and regulatory compliance of large populations of desktops and servers, adds a range of new features that help enterprises work toward continuous compliance with company policies as well as regulatory requirements.

The tool, which can gather up to 80,000 parameters on a single systems configuration status, gathers such data across Windows and Unix desktops and servers.

It normalizes the data from the different platforms and stores it in a single repository.

By drawing off the work of a team of regulatory experts in Configuresofts Center for Policy & Compliance, ECM can help streamline the process of complying with regulations such as Sarbanes-Oxley, HIPAA, GLBA, FISMA.

New support was added in version 4.8 for standard industry best practices, such as PCI DSS and Microsoft Security and Hardening Guidelines.

"Our experts are looking at mandates and coding those so customers dont have to start from scratch," said Ron Smith, product marketing director at Configuresoft in Houston, Texas.

"Companies dont want to be experts at those different guidelines. We monitor, post and maintain those mandates," he added.

A new trending module in ECM 4.8 allows IT administrators and executives to view compliance of all managed desktops and servers over time to validate that they have effective controls in place and that compliance efforts are successful.

"Senior executives are asking, Am I in compliance?" said Andrew Bird, vice president of marketing at Configuresofts headquarters in Colorado Springs, Colo.

"In one graph I can show different compliance issues and see how compliant I am and how thats trending over time. The template shows which machines are in compliance with a green indicator, and a red indicator shows which machines are not in compliance.

The trending views are provided in new Executive Compliance Dashboards.

"We havent had this kind of interface before. The Dashboard really helps us," said an ECM user at a major health care organization, who asked not to be named.

The dashboards also streamline the reporting process, saving "a lot of time," said the user.

"With previous reports, if I want to see patching of different types of servers, I had to have [a report for each server group]. In this one, I have one report—one chart that shows all the groups of servers and what the status of each server is," added the user.

The tool also allows users to automate remediation of machines not in compliance, and it validates that a patch or fix has been applied.

/zimages/2/28571.gifClick here to read more about ECM.

ECM 4.8 also provides a more flexible way to capture disparate Unix configuration data normally held in different files.

"We built a technology that can capture a lot of Unix scripts and configuration data and pull it all back to the [configuration management database]," said Bird.

"We can parse the information from the CMDB and pull it out so that everyone is looking at the same data set," he added.

The new release, which also adds support for HP-XU and IBMs AIX, is due April 10.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest news, commentary and analysis on regulatory compliance.