Configuresoft to Deliver "Drop & Deploy" IT Control Solution to Meet GLBA Requirements

Market Wire, March, 2005

Configuresoft, the recognized leader in highly scalable enterprise policy compliance, configuration management, and security patch management technology, today announced the Enterprise Configuration Manager/GLBA (ECM/GLBA) IT Control Solution. This solution addresses patch management, event log collection/archiving and includes Compliance Templates for managed machines. These Templates are based on the settings recommended in the NIST security checklists for Windows. Configuresoft's Center for Policy & Compliance team members dissected the checklists for Windows NT, Windows 2000, Windows XP and Windows 2003 and created compliance rules to match the GLBA requirements.

"Since different organizations may use different software and unique financial processes, many are still struggling to understand how the regulations impact their organization, where to begin and how to prepare for the required audit," said Scott Crawford, senior analyst at Enterprise Management Associates. "Experience in compliance and how to implement a complete security program are invaluable toward fulfilling compliance requirements specific to each entity. As a readily deployed solution, Configuresoft's ECM/GLBA templates address the critical privacy and risk assessment issues for one of today's most heavily regulated industries-financial services."

Configuresoft's Center for Policy & Compliance Team (comprised of policy experts, former auditors and early contributors to the Federal mandates and standards), have prepared a comprehensive series of automated checks and controls and include access control, audit control and access change monitoring. This ensures a company's automated strategy for GLBA compliance will consistently meet the standard.

The Gramm-Leach-Bliley Act (GLBA) of November, 1999 was created to modernize the financial services industries. The GLBA tasks financial intuitions with the protection and privacy of consumer data. Additionally, the legislation requires a security program in place to protect the confidentiality, integrity and availability of non-public consumer information.

Using Configuresoft's ECM/GLBA IT control solution a corporation can collect the most detailed configuration data from every Windows workstation and server on the network. It will store that information in a centralized SQL database for immediate access, analysis and reporting. Additionally, it will consolidate configuration data from an entire enterprise to a single view to maintain these standards. Once the organization has imported the GLBA rule sets into ECM, it will see these rules across six Compliance Templates and implement a four-step process which includes:

1. Review and adjust the rules to gain an understanding of the settings
   they will affect;
2. Run compliance rules in 'read-only' mode;
3. Test and Manually Enforce; and
4. Automatically Enforce.

"Because of the importance and public nature of this challenge, GLBA compliance efforts are expected to receive continued priority from executive management, auditors and IT staff. Any institution required by law to adhere to the GLBA will find this task much easier if it can implement and audit a proper compliance strategy and then automate compliance enforcement," said Chris Farrow, director, Configuresoft's Center for Policy & Compliance. "By demonstrating effective IT controls, ECM enables corporations to easily and effectively automate, monitor and document their compliance efforts, and consistently defend compliance requirements to recognized auditing standards."

About Enterprise Configuration Manager

Configuresoft's flagship product, ECM, automates the management of configuration settings for Windows-based servers and clients, and enforces security and IT standards. Going beyond patch management, ECM enforces security policies without human intervention by automatically resetting configurations to their pre-defined standard when they are inadvertently changed. Within the space of configuration management and policy remediation, ECM enables the most detailed monitoring available and automatically mitigates any deltas that were assessed-ensuring "Dynamic Compliance Controls" throughout the Microsoft® Windows® environment. Designed by working auditors, Configuresoft's policy templates will offer a comprehensive series of automated checks and controls to correlate with the COSO/CobiT Framework at a granular level.

About Configuresoft

Configuresoft is the recognized leader in highly scalable enterprise policy compliance, configuration management, and security patch management technology, serving eight of the "Global 25" corporations. Based in Colorado Springs, Colorado, the company's products offer large-scale computing environments the ability to collect and analyze the most detailed information available about system application settings, events and operational trends, to a centralized point of management and control. Configuresoft provides the tools to keep mission-critical systems properly configured, while ensuring compliance with stringent regulatory mandates, such as Sarbanes-Oxley, HIPAA, GLBA and FISMA, operational standards and evolving process methodologies. To contact Configuresoft, call 719.447.4600, visit us on the Web at www.configuresoft.com or write to info@configuresoft.com.