EMERYVILLE, CA -- 05/20/08 --
BigFix, Inc., a leader in real-time IT
security and management solutions for the distributed enterprise, has
reached an important milestone in its drive to revolutionize system
configuration compliance processes through customer and partner
availability of BigFix Security Configuration Management Compliance
Controls (SCMCC). The offering consists of a library of pre-packaged
configuration audit settings and reporting content designed to provide
configuration change detection, reconciliation against desired security
policies, and remediation of out-of-compliance policies on supported
platforms. The BigFix SCMCC solution operates through the BigFix Discovery
7 technology platform and targets common industry best practices and
regulatory compliance standards, such as the Standard Technical
Implementation Guides (STIG) development by the Defense Information System
Agency (DISA).
See, Assess, Enforce, Comply
The SCMCC offering focuses BigFix real-time visibility and control to
support IT regulatory compliance initiatives and security configuration
standards at scale in heterogeneous environments. Driven by audit and
regulatory compliance needs, IT organizations and CIOs in the vast majority
of public and private organizations lack clear visibility or automated
control over compliance audit and reconciliation of IT infrastructures that
can consist of 1000s-to-100,000s of distributed PC, laptop, handheld, and
server computers. The SCMCC configuration audit libraries when distributed,
enforced, and reported through the BigFix technology platform, will change
the compliance process from "push, pray, and probe" to see, assess,
enforce, and monitor IT compliance policies in real-time.
"The biggest problem that organizations face when defining their compliance
objectives is visibility. It's simple. You can't prove that you comply with
something if you have no visibility into it," said Jim Hansen, senior
product manager for BigFix. "In our view, compliance and effective IT
infrastructure management should be synonymous. The SCMCC configuration
audit libraries are a big step in changing compliance from a cost of doing
business to an engine for higher levels of IT effectiveness and value
generation."
"Adding BigFix to the mix will take a big bite out of the complexity and
administrative overhead of implementing and maintaining compliance with key
government and industry standards," said Chris Knotts, director of federal
solutions for Force 3, Inc., a leading solutions integrator focused on the
federal government market. "DISA STIG and FDCC are an excellent place to
start the SCMCC initiative, as these standards are at the top of the list
for security best practices compliance throughout the federal government."
Real-Time Visibility and Control for Technical Controls Compliance
BigFix SCMCC leverages the BigFix Discovery 7 platform to bring massive
scalability, real-time visibility, and continuous control across
distributed desktop, mobile, and server endpoint computers subject to
regulatory compliance initiatives. SCMCC consists of a BigFix-developed
Library of Common Technical Configuration Policies that map to industry or
customer-specific technical control standards on widely-distributed
desktop, mobile, and server computers. The BigFix Discovery 7 platform
provides a consolidated visibility and control fabric to distribute, apply,
and report compliance with a customer's specific policy set. The BigFix
Compliance Controls libraries run today on Windows and UNIX (including Sun
Solaris) platforms, with Linux support currently under testing and
qualification.
The DISA STIG initiative represents the first set of configuration
standards addressed by BigFix SCMCC. Developed by DISA in response to the
Department of Defense Directive (DODD) 8500.1, the STIG guidelines are
required procedure at DoD agencies, and have been widely adopted by other
federal, state, and local government agencies, and private sector
organizations throughout the world. Using the SCMCC libraries, the BigFix
technology platform's heterogeneous infrastructure management abilities
will enable customers to apply DISA STIG policies to widely used platforms
such as Microsoft Windows 2003 and Sun Solaris through the BigFix single
agent, single infrastructure real-time visibility and control
infrastructure.
In addition to the base set of configuration audit controls, BigFix has
also announced today that it has engaged DOMUS IT Security Laboratory to
perform Security Content Automation Protocol (SCAP) compliance validation
of its Federal Desktop Core Configuration (FDCC) Scanner for the BigFix
Discovery 7 platform on Windows XP and Windows Vista. The validation will
also include coverage for the Authenticated Configuration Scanner,
Authenticated Vulnerability and Patch Scanner, Patch Remediation, Asset
Scanner, and Asset Database. These solutions, combined with the FDCC
Scanner SCAP validation, will enable federal agencies to thoroughly and
accurately report on system configurations and security posture as mandated
by the OMB. This validation demonstrates BigFix's commitment to support
strategic government initiatives such as SCAP and other standards from
organizations such as DISA and NIST.
About BigFix
BigFix®, Inc. offers the only real-time converged PC and server lifecycle
configuration and endpoint protection framework that enables organizations
to see, change, and enforce IT policies in real-time at global scale.
Designed for highly distributed and complex IT infrastructures, BigFix
delivers real-time endpoint visibility and control through its
single-agent/single console, multi-function, on-demand architecture. Its
award-winning technology is proven in production in top-ranked Wall Street
financial firms; leading retailers; healthcare delivery organizations;
national, state/provincial and local governments; and educational
institutions. For more information visit www.bigfix.com.
© 2008 BigFix, Inc. All rights reserved. All company and product names
mentioned herein may be trademarks of their respective companies.
Press contact:
Rosemary Miller
Citigate Cunningham for BigFix, Inc.
415-618-8720
Email Contact
