Today's focus: Configuresoft aims to assess networks for
regulatory compliance

By Dave Kearns

I'm a big fan of Configuresoft's Enterprise Configuration
Manager product. If you aren't familiar with ECM, the company
describes it as "a comprehensive configuration management
solution that ensures operational compliance to standards and
best-practice guidelines throughout a computing infrastructure."

According to Configuresoft, ECM collects detailed critical
configuration data from servers and workstations on the network
and stores that information in a centralized SQL database for
immediate access, analysis, and reporting. The company adds that
these capabilities enable IT organizations to optimize their
operational expectations, while ensuring security compliance
with regulatory mandates such as Health Insurance Portability
and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA),
Sarbanes-Oxley and FISMA.

<aside> I wasn't sure what FISMA was, but I knew it wasn't about
motorcycles (<http://www.fisma.com/>) or U.K. non-profits
(<http://www.fisma.org/>) or Software Measurement in Finland
(<http://www.fisma-network.org/>). What it's about is the
Federal Information Security Management Act. Learn more (if you
need to) from the White House Office of Management and Budget
(OMB) at

ECM collects, collates and catalogs vast amounts of data. Data
that's necessary to meet compliance requirements for the
regulations listed as well as many others - and more still in
the planning stages.

What ECM can't do is to digest all of the data for you. Provided
you have a smallish network, and provided you have the necessary
time, then you can do the analysis and determine your security
vulnerabilities and needs in light of the regulatory
requirements. Well, provided you're up to speed on which
regulations and which requirements you need to fulfill. If that
sounds like a daunting task, it is.

Configuresoft talked to its customers and listened to their
requests. So this week the company is launching a program
designed for large enterprise clients concerned about the
security configurations of their Microsoft Windows environment
and subsequent issues regarding compliance to IT or governmental
standards and regulations.

The Rapid Security Configuration Assessment (RSCA) Program is
intended for organizations that lack the time, objectivity and
expertise to accurately assess vulnerabilities to their
infrastructure. RSCA is designed to quickly identify which areas
in an organization are vulnerable and to create a prioritized
action plan, which offers a running start for securing an
organization's most vulnerable assets while meeting regulatory

Typically, an RSCA engagement will use Configuresoft's ECM to
quickly and accurately collect detailed configuration
information from a sample of servers and workstations. Then
Configuresoft's Center for Policy and Compliance experts will
analyze this data to assess the environments' security level
based on IT Best Practices and Government mandates.

The Center has developed several RSCA tracks tailored for
various industries and needs which include "RSCA - Microsoft's
Securing and Hardening Guides", "RSCA - SOX" and "RSCA - HIPAA."
People trained in the implementation of the regulations as well
as in the intricacies of Windows networking will do the work
that you and your team have neither the time nor, in many cases,
the expertise to handle.

Pricing wasn't available to me last week when I wrote this, but
it won't be cheap. Still, how much is it worth to keep you and
your bosses out of court - and out of jail?


Jam-packed ConfigureSoft Enterprise Configuration Manager
Network World Windows Networking Tips Newsletter, 06/18/03

Copyright Network World, Inc., 2004

Copyright 2008 Art Beckman. All rights reserved.

Last Modified: March 9, 2008