Secure Elements, Inc., a leader in IT compliance and vulnerability management solutions, today announced that it has contributed the industryâs first standards-based XML content for evaluating Microsoft Windows Vista compliance with Microsoftâs Windows Vista Security Guide Solution Accelerator. This content has been contributed to the National Institute of Standards and Technologyâs (NISTâs) Security Content Automation Program, and was released to the public by NIST for review in conjunction with the launch of Microsoft Windows Vista on November 30th, 2006.
âNow the industry has a common language for defining and assessing IT controls, as well as an open source of validated content that auditors and information assurance professionals can rely on,â said Scott Armstrong, Vice President of Marketing and Alliances for Secure Elements. âWe believe that the success of this program will not only help federal agencies, but also private sector industries to achieve cost effective programs for automating IT compliance assessment and remediation activities.â
The Security Content Automation Program provides a free public repository of validated XML content for automating technical control compliance activities, vulnerability checking (both application mis-configurations and software flaws), and security measurement. This content represents best practices, encoded in machine readable XML formats, for the evaluation of systemsâ configurations for regulatory compliance.
The IT controls being evaluated are uniquely defined, with granular line item references to guidance and directives from ISO 17799, NIST, DoD, GAO, and DCI. These IT controls represent the broad spectrum of best practices from which Information Assurance practitioners derive their own corporate policies for security and regulatory compliance with SOX, HIPAA, NERC, GLBA, and others.
âInterpreting Security Guidelines and preparing for enterprise roll-outs of a new operating system can be an overwhelming task for an enterprise,â said Scott Carpenter, Director of Security Labs for Secure Elements. âBy leveraging solutions for automating the assessment of the security configurations, when adapted for their enterprise environment, helps eliminate the risk and cost of this type of operating system roll-out.â
Secure Elementsâ solution, C5 Enterprise Vulnerability Management (C5 EVM), is the only product that natively supports XML standards (OVAL 5.0 and XCCDF) for compliance and vulnerability management. With support from the National Institute of Standards and Technology, these standards provide the IT industry the basis for security compliance benchmarks and assessments.