
Solutions for IT Controls Auditing - NIST SCAP Validated

The C5 Compliance Platform uses standards-based audit checks for technical controls to automate the evaluation, scoring, and reporting of your systems' security configurations against regulatory and industry best practices. While many companies have provided evidence of compliance with legacy tools, spreadsheets, and custom reports, doing so has become increasingly complex and expensive due to multiple overlapping regulatory drivers and legacy point solutions built on proprietary data formats.

Now there is an opportunity to simplify the process, reduce compliance risks, and ensure that you are auditing based upon up-to-date guidance and best practices.

Two common frameworks, ISO 17799 and NIST SP 800-53, have become the leading frameworks for mapping back to regulatory requirements for FISMA, SOX, GLBA, HIPAA, FERC/NERC, and others. Additionally, leading research and audit firms recognize that these two frameworks can also be used to support higher-level IT and security frameworks such as the Control Objectives for Information and related Technology (COBIT), which is frequently used to show compliance with the general control requirements implied by the Sarbanes-Oxley Act of 2002. These two frameworks are so similar that NIST SP 800-53 includes an appendix that maps the sections within SP 800-53 back to ISO 17799.

How do we help you compared to other solutions or methods? We provide out-of-the-box templates in a standard XML document format (XCCDF) for security configuration checklists. The NIST Information Security Automation Program (ISAP) publishes these checklists for free use, and our solution is fully compatible with their content and is SCAP (Security Content Automation Protocol) compliant. Federal, State, and Local agencies, and corporations that contract with Federal agencies, are required to address FISMA compliance by law. For these organizations, NIST recommends use of their content to produce security control testing evidence within Federal Information Security Management Act (FISMA) compliance efforts. More specifically, use of these files can automate production of NIST SP 800-53a technical control testing evidence.

More significantly, recent OMB guidance requires compliance with the secure desktop configurations for Microsoft XP and VISTA as described in these XML documents.

As part of our solution, we include the largest library of standards-based system audit checks available today, in which we have enriched the XML metadata with mappings to ISO 17799:2005 and to higher-level regulatory and security frameworks as well. The library is automatically delivered to the enterprise as an XML subscription, enabling access to the most up-to-date guidance.

In summary, our solution enables you to quickly and easily:

  • Customize industry standard templates to your corporate and regulatory environment
  • Leverage the largest library of system audit checks conforming to industry standards
  • Perform audits - on demand - with summarized and detailed benchmark score results 
  • Deliver audit reports that include regulatory or industry standard control mappings
  • Maintain records and results of your audits in support of external audit reviews

 Audit.  Evaluate.  Comply.
It really is that simple. 

© 2008 Secure Elements All Rights Reserved.