Configuresoft Targets Compliance

Release streamlines reporting process.

Configuresoft will add to the compliance drumbeat on April 10 when it launches the next major release of its Enterprise Configuration Manager software for managing desktop and server configurations.

ECM Version 4.8, aimed at large enterprises, adds a range of new features that allow companies to continually comply with internal policies and regulatory requirements.

The tool, which can gather as many as 80,000 parameters on a single systems configuration status, gathers such data across Windows and Unix desktops and servers. It also compiles data from the different platforms and stores it in a single repository.

By drawing off the work of a team of regulatory experts in Configuresofts Center for Policy & Compliance, ECM can help streamline the process of complying with regulations such as the Sarbanes-Oxley Act, HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act) and FISMA (Federal Information Security Management Act).

New support was added in Version 4.8 for standard industry best practices, such as PCI DSS (Payment Card Industry Data Security Standard) and Microsoft Security and Hardening Guidelines.

"Our experts are looking at mandates and coding those so customers dont have to start from scratch," said Ron Smith, product marketing director at Configuresoft.

A new trending module in ECM 4.8 allows IT administrators and executives to view compliance of all managed desktops and servers over time to validate that they have effective controls in place and that compliance efforts are successful.

"Senior executives are asking, Am I in compliance?" said Andrew Bird, vice president of marketing at Configuresoft, in Colorado Springs, Colo.

"In one graph I can show different compliance issues and see how compliant I am and how thats trending over time. The template shows which machines are in compliance with a green indicator, and a red indicator shows which machines are not in compliance.

The trending views are provided in new Executive Compliance Dashboards.

"We havent had this kind of interface before. The Dashboard really helps us," said an ECM user at a major health care organization, who asked not to be named.

The dashboards also streamline the reporting process, saving "a lot of time," the user said.

"With previous reports, if I want to see patching of different types of servers, I had to have [a report for each server group]. In this one, I have one report—one chart that shows all the groups of servers and what the status of each server is," the user said.

The tool also allows users to automate remediation of machines not in compliance, and it validates that a patch or fix has been applied.

ECM 4.8 also provides a more flexible way to capture disparate Unix configuration data normally held in different files.