NetIQ Corp. this week joins a growing roster of security compliance software makers that are expanding the tools they built for enterprises to the government market.
Government agencies do not face the same bottom-line imperative to follow best practices that commercial enterprises do, and their repeated poor performance on annual information security evaluations illustrates the point.
/zimages/4/28571.gifThe DHS is still finding progress in its cyber-security policies elusive.Click hereto read more.
However, there is growing pressure on Washington to comply with federal information security management regulations, and the threat of tying budgets to performance is spurring action.
“Were expecting enforcement,” said Gregory Davoll, group manager for Security Management Solutions at NetIQ, in Houston. “The regulatory spirit is at one level, and the best practices are at another level. There will be repercussions.”
NetIQ is rolling out policy templates for use with its Security Compliance Suite to assess government agencies compliance with FISMA, or the Federal Information Security Management Act of 2002.
The challenge for agencies is to translate the high-level specifications of FISMA into detailed compliance guidelines, Davoll said. The templates are designed to give federal CIOs a way to reduce the time and labor involved in assessing compliance by automating the task. They cover four categories of security controls: access control, audit and accountability, configuration management, and identification and authentication.
/zimages/4/28571.gifA recent study shows CISOs at federal agencies are being pickier about protection and are spending more time on compliance issues.Click hereto read more.
Canadas Smart Systems for Health Agency in Toronto recently deployed NetIQs Security Manager and AppManager to help ensure the confidentiality of patient data. The government-run social services agency in Quebec, Ministère de lEmploi, de la Solidarité Sociale et de la Famille, uses NetIQ technology to monitor and manage 180 remote sites to detect system degradation.
Symantec Corp., of Cupertino, Calif., launched Enterprise Security Manager for FISMA in January of last year, and BindView Corp., also of Houston, launched BindView Report Packs for FISMA in March of last year. More companies in the compliance assessment arena, including startup Brabeion Inc., in McLean, Va., are expected to follow suit.
/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.