Configuresoft to Deliver "Drop & Deploy" IT Control Solution to Meet FISMA Requirements

Market Wire, November, 2004

Configuresoft, the industry leader in policy compliance and configuration management technology, today announced the Enterprise Configuration Manager (ECM)/FISMA IT control solution. This auditor-designed solution, based on the NIST SP 800-37 guidelines, helps agencies to monitor levels of consistency toward the Federal Information Security Management Act (FISMA) compliance requirements. It includes patch management, event log collection/archiving as well as compliance templates for managed machines to address specific security control requirements in areas pertaining to IT security management and assessment.

"To ensure successful remediation of security weaknesses, every agency must maintain a central process through the CIO's office to monitor agency remediation efforts," said Chris Farrow, director, Configuresoft Center for Policy & Compliance. "FISMA defines a range of business issues pertaining to the protection of information assets, including a generalized foundation on which agencies can build a flexible-but-strong level of best practices for managing risks. Configuresoft's ECM/FISMA IT control solution will help IT engineers balance the need to keep their networks available while ensuring security and consistency of configuration settings to meet FISMA requirements."

According to Government Computer News (June 7, 2004), "FISMA has an air of immediacy: More than 1.4 million cybersecurity incidents were documented at federal agencies and departments in 2003." From an IT perspective, agencies must provide a comprehensive framework for implementing and ensuring the effectiveness of information security controls over information resources that support Federal operations and assets. This includes a mechanism for oversight of the agency's information security programs.

The Center for Policy & Compliance team (comprised of policy experts, former auditors and early contributors to the Federal mandates and standards), have prepared a comprehensive series of automated checks and controls that capture the most granular detail about large-scale computing environments and provide the needed data to implement FISMA-based directives, including in-depth assessment, auditing and reporting, configuration and change management, and remediation controls throughout an agency's network.

The ECM/FISMA IT control solution:

--  Provides wizard-driven change capabilities that modify configurations
    to comply with FISMA standards;
--  Consolidates configuration data from an entire agency into a single
    view;
--  Captures the configurations that work and deploys them universally to
    ensure continuing compliance to FISMA standards--all from a central portal;
    and
--  Monitors and updates mobile devices, such as laptops, which are often
    the greatest risk to securing the integrity of an IT infrastructure.
    

About Enterprise Configuration Manager and its Suite of Products

Configuresoft's suite of products offers solutions for configuration management, configuration compliance, patch management, extended configuration and compliance support for mobile laptops, and extended configuration and compliance support for SMS clients and SUS clients. Configuresoft's flagship product, ECM, automates the management of configuration settings for Windows-based servers and clients, and enforces security and IT standards. ECM enables companies and government agencies to prevent security vulnerabilities, minimize downtime, reduce help desk calls and enhance system performance. Going beyond patch management, ECM enforces security policies without human intervention by automatically resetting configurations to their pre-defined standard when they are inadvertently changed. These capabilities help organizations retain their systems' proper configuration, while ensuring IT security compliance with regulatory requirements such as FISMA, Sarbanes-Oxley, HIPAA and GLBA.

About Configuresoft

Configuresoft is the industry leader in highly scalable, enterprise configuration management, policy compliance and security patch management technology, serving nine of the "Global 25" corporations. Based in Colorado Springs, Colorado, the Company's products offer large-scale computing environments the ability to collect and analyze the most detailed information available about system application settings, events and operational trends, to a centralized point of management and control. As the only configuration management company to offer both system- and device-level, "end-to-end" controls, Configuresoft provides the tools to keep mission-critical systems properly configured, while ensuring compliance with stringent regulatory mandates, such as Sarbanes-Oxley, HIPAA, GLBA and FISMA, operational standards and evolving process methodologies. To contact Configuresoft, call 719.447.4600, visit us on the Web at www.configuresoft.com or write to info@configuresoft.com.

Editorial Contact: Davida Dinerman/Christina Guilbert Schwartz Communications 781-684-0770 configuresoft@schwartz-pr.com