http://www.compliancehome.com/ ComplianceHome is one of the Web's largest library of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP & COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products. http://www.compliancehome.com/images/rsslogo.gif http://www.compliancehome.com/ en-us Mon, 25 Aug 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13390.html Hawaiis Punahou School Deploys Secure Computings Secure Web to Bolster Internet Security http://www.compliancehome.com/news/FISMA/13390.html Thu, 14 Aug 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13325.html Shavlik Technologies' customers utilize single solution to simplify and automate the reports recommended steps of Assess, Prioritize, Remediate, Repeat. http://www.compliancehome.com/news/FISMA/13325.html Wed, 13 Aug 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13313.html Secure Elements announced that the company has released a new version of the C5 Compliance Platform capable of auditing and managing EPA ENERGY STAR settings for Windows XP and Vista for Desktop and Laptop configurations consistent with the NIST Security Content Automation Protocol (SCAP). The C5 Compliance Platform is currently used by the Presidential Management Agenda (PMA) Scorecard Agencies for reporting their FDCC Security Settings to OMB. These agencies are now able to use C5 to audit and manage their power savings settings within the same compliance solution, thereby complying with Executive Order 13423, which requires federal agencies to activate ENERGY STAR sleep features on computers and monitors. http://www.compliancehome.com/news/FISMA/13313.html Tue, 12 Aug 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13299.html Three surveys, with more than 780 respondents, show the increasing importance of enterprise risk management (ERM) to chief financial officers, audit committee members and chief audit executives. Crowe Chizek and Company LLC released the surveys results, which included participants from a broad spectrum of public and private companies, with revenues ranging from $100 million to more than $10 billion. The surveys found that more than 65 percent of chief financial officers (CFOs) and 70 percent of audit committee members cited managing enterprise risk as the biggest challenge for their organizations over the next 12 months. According to those surveyed, ERM was considered an even bigger challenge than improving financial reporting and improving internal controls for CFOs. http://www.compliancehome.com/news/FISMA/13299.html Fri, 08 Aug 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13281.html StoredIQ, whose innovative eDiscovery technology revolutionizes the way companies address electronic discovery and litigation readiness, announced today that Network Products Guide, a Silicon Valley Communications publication and a world leading publication on technologies and solutions has named the StoredIQ appliance a winner of the 2008 Best Products and Services Award. This respected annual award honors products and services that represent the rapidly changing needs and interests of the end-users of technology worldwide. As part of the tech-industrys leading global awards program, this years Best Products and Services were nominated from all over the world. http://www.compliancehome.com/news/FISMA/13281.html Tue, 05 Aug 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13259.html Triumfant has announced that Network Products Guide, a Silicon Valley Communications publication and a world leading publication on technologies and solutions has named Triumfant Compliance Manager a winner of the 2008 Best Products and Services Award. This respected annual award honors products and services that represent the rapidly changing needs and interests of the end-users of technology worldwide. As part of the tech industry's leading global awards program, this year's Best Products and Services were nominated from all over the world. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations-- including Federal Information Security Management Act (FISMA), Federal Desktop Core Configuration (FDCC), Payment Card Industry Data Security Standard (PCI DSS), and custom IT policies -- and is NIST Security Content Automation Protocol (SCAP) validated in accordance with the OMB FDCC security mandate for all Federal http://www.compliancehome.com/news/FISMA/13259.html Mon, 04 Aug 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13251.html DigitalStakeout, an innovator and source of breakthrough Security Information and Event Management (SIEM) solutions, today released its summary of the results from its inaugural Cybersecurity Defense-in-Dimension Roundtable held in Washington, D.C.The Roundtable worked and identified four cornerstone issues as the basis for expanded future roundtable discussions. The four issues are: -- The immutable need for integration of Global threat intelligence in business/mission based security infrastructures -- The need to move to dynamic information-centric cybersecurity systems that support all source analysis and enable non-obvious threat attribution -- The priority to drive performance based strategies with value based mission and business metrics -- Create a Trusted SIEM reference architecture that breaks the contextual constraints of defense-in-depth and advances Defense-in-Dimension as the way forward. http://www.compliancehome.com/news/FISMA/13251.html Mon, 04 Aug 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13248.html Secure Computing Introduces Secure Web Reporter for Complete, Real-Time Viewing of Web Activity, Security, Performance and Compliance http://www.compliancehome.com/news/FISMA/13248.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13231.html LogicEase Solutions, provider of the mortgage industry's leading suite of risk management solutions - ComplianceEase, announced that the United States Patent and Trademark Office (USPTO) issued U.S. Patent No. 7,386,505 to LogicEase on June 10, 2008, following the Notice of Allowance provided on November 23, 2007. This patent is the first of its kind issued with respect to an automated compliance solution for the mortgage industry. Patent No. 7,386,505, entitled System and Method for Automated Compliance with Loan Legislation, covers ComplianceEase's Automated Compliance System - ComplianceAnalyzer(R). This expert system examines mortgage loans and, in real-time, produces loan level reports and analytics with respect to applicable laws and regulations at multiple jurisdictional levels. http://www.compliancehome.com/news/FISMA/13231.html Thu, 31 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13228.html Secure64 Software Corporation has developed a product that dramatically simplifies the implementation and management of DNSSEC. Secure64 DNS Signer is the first and only product that addresses each of the obstacles that have slowed the widespread deployment of DNSSEC zone signing, including the need for simplicity, security, auditability and scalability. While recent patching efforts have mitigated the impact of the cache poisoning vulnerability identified by Dan Kaminsky and widely reported by the media, deployment of DNSSEC is widely regarded as the only viable long-term solution to securing the Domain Name System (DNS). http://www.compliancehome.com/news/FISMA/13228.html Thu, 31 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13227.html The OWASP Foundation ( www.owasp.org) has posted their final speaker selection for their upcoming conference in New York City. The conference will take place September 22nd - 25th, downtown at Pace University, located at One Pace Plaza.This application security world conference will be the largest OWASP conference ever. The Keynote Speakers for this event will include Howard A. Schmidt, Former White House Cyber Security Advisor, Joe Jarzombek, the Director for Software Assurance in the Department of Homeland Security (DHS), and Jeff Williams, Chairman of the OWASP Foundation. Jeremiah Grossman, Robert RSnake Hansen, along with many other well known application security pioneers, will present new research, findings and solutions. This conference is limited to only 1,000 attendees, so reserve your spot immediately. http://www.compliancehome.com/news/FISMA/13227.html Tue, 29 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13213.html Merlin International and CA, announced that Merlin has been selected by the U.S. Department of Veterans Affairs (VA) to provide CAs robust identity and access management solutions to support the majority of the Departments identity management and access management requirements. The solutions are designed to enable VA to leverage e-Authentication, verify proper access to information, protect data, simplify internal systems, and enhance compliance with FISMA, HSPD 12 and HIPAA. VA makes benefits and services available for approximately 60 million veterans and their family members. With more than 230,000 employees, 153 medical centers and 800 Community Based Outpatient Centers, VA is the largest direct health care delivery system in America. By deploying enterprise-wide identity and access management solutions, VA will be able to provide secure delivery and access to Web-based applications; enhance veteran access to benefit and health information; improve regulatory compliance; improve http://www.compliancehome.com/news/FISMA/13213.html Mon, 28 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13198.html SCIPP International, a global non-profit organization dedicated to providing world-class security awareness training and certification services, has announced that it has received an endorsement of its security awareness course content and its proprietary body of knowledge known as SCIPP GAP (Generally Accepted Practices) as it pertains to disaster recovery, from the Business Continuity Institute-USA Chapter. SCIPP's proprietary Security Awareness training and certification program satisfies organizational compliance requirements for security awareness as defined in the Payment Card Industry (PCI-DSS), the Federal Information Security Management Management Act (FISMA), the Gramm-Leach Bliley Act (GLB), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), the Federal Financial Institutions Examination Council (FFIEC) Guidelines, and other industry specific bodies that regulate reporting and best business practice requirements. http://www.compliancehome.com/news/FISMA/13198.html Sun, 27 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13192.html Triumfant announced that Triumfant Compliance Manager(TM) has achieved NIST Security Content Automation Protocol (SCAP) validation in accordance with the OMB Federal Desktop Core Configuration (FDCC) security mandate for all Federal agencies. Triumfant Compliance Manager is the only stand-alone solution that actively maintains a perpetual state of compliance and audit-readiness on every PC, laptop and server, every day. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations-including Federal Information Security Management Act (FISMA), FDCC, Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and custom IT policies-while making the organization more secure in the process. Based on the uniquely powerful Triumfant IT Intelligence(TM) platform, Compliance Manager continuously verifies and enforces security policies on every PC, laptop, http://www.compliancehome.com/news/FISMA/13192.html Thu, 24 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13183.html Triumfant, the industry leader in Automated Compliance Monitoring and Control software, today announced that Triumfant Compliance Manager has achieved NIST Security Content Automation Protocol (SCAP) validation in accordance with the OMB Federal Desktop Core Configuration (FDCC) security mandate for all Federal agencies. Triumfant Compliance Manager is the only stand-alone solution that actively maintains a perpetual state of compliance and audit-readiness on every PC, laptop and server, every day. Triumfant Compliance Manager dramatically reduces the time and costs necessary to achieve compliance with a variety of regulations-including Federal Information Security Management Act (FISMA), FDCC, Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and custom IT policies-while making the organization more secure in the process. Based on the uniquely powerful Triumfant IT Intelligence platform, Compliance Manag http://www.compliancehome.com/news/FISMA/13183.html Thu, 24 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13182.html Stanley, provider of systems integration and professional services to the U.S. federal government, today announced that it was awarded a five-year information technology security support services contract by the Millennium Challenge Corporation (MCC), a U.S. Government corporation designed to work with some of the poorest countries in the world. If all four of the annual options are exercised, the total five-year value of the time and materials contract will be approximately $5.6 million. Stanley is honored to have the opportunity to support our new customer, the Millennium Challenge Corporation, in its mission to reduce global poverty through the promotion of sustainable economic growth, said Phil Nolan, chairman, president and CEO of Stanley. We are also very pleased to be working on this effort with Iron Vine Security, LLC. http://www.compliancehome.com/news/FISMA/13182.html Thu, 24 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13178.html WorldExtendR, provider of remote data and application access software,has announced that its IronDoorR 3.5 remote network access software will make it simple for small to medium sized organizations to immediately implement a realistic telecommuting program for staff. This follows recent research from such respected institutions as the Telework Exchange and MSNBC confirming that telecommuting can significantly reduce both environmental pollution and fast-escalating travel costs associated with inflated gas prices. IronDoor 3.5's software-based secure remote network access enables small to medium sized organizations to set up a telecommuting or telework program by providing staff with secure, anytime/anywhere access to both applications and data (similar to Citrix). By ensuring that remote users can now securely access any resources they require, IronDoor 3.5 will facilitate staff in the reduction of rapidly-escalating costs associated with commuting - which recent MSNBC research estimat http://www.compliancehome.com/news/FISMA/13178.html Wed, 23 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13171.html Guardium, the database security company, and BMC Software are hosting a Webcast to provide government agencies with effective strategies for safeguarding Personally Identifiable Information (PII) in sensitive databases and easily complying with OMB M-06-16. The OMB directive states that government departments and agencies must log all extracts from databases holding sensitive information and verify each extract including sensitive data has been erased within 90 days or its use is still required. Major government agencies, such as the Federal Trade Commission, have already improved database security and addressed compliance regulations by deploying Guardium's database activity monitoring (DAM) solution. Guardium 7 monitors and tracks all access to sensitive data, across all major DBMS platforms and applications, without impacting database performance or requiring changes to applications. http://www.compliancehome.com/news/FISMA/13171.html Sun, 20 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13159.html Archer Technologies (Archer), a provider of enterprise governance, risk and compliance solutions, today announced the release of its Data Feed Manager, which provides a new way for companies to perform rapid integrations between industry-leading products and the Archer SmartSuite Framework. Designed for use by technical business analysts, the Data Feed Manager allows Archer clients and partners to use the Archer Framework as a point of consolidation, bringing together data from any source for correlation, analysis, process management and reporting. A vital component of any governance, risk and compliance program is the ability to form an aggregate view of risks, vulnerabilities, metrics and operational data within the enterprise, says Jon Darbyshire, president and CEO of Archer Technologies. With the Data Feed Manager, Archer is putting power in the hands of technical business users to rapidly integrate enterprise data systems with the Archer SmartSuite Framework. This is a new market http://www.compliancehome.com/news/FISMA/13159.html Wed, 16 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13154.html Ounce Labs announced that the company's Advanced Research Team (ART) has documented two vulnerabilities that can affect Java web applications that utilize the Spring Framework. With more than five million downloads of Spring to date, the security vulnerabilities identified could affect countless enterprises that utilize this commonly used framework. The specific vulnerabilities are 'ModelView Injection' and 'Data Submission to Non-Editable Fields.' These vulnerabilities allow attackers to subvert the expected application logic and behavior, gaining control of the application itself, and access to any data, credentials or keys held in the application. Although the two vulnerabilities discovered and analyzed by Ounce are part of the Spring Framework, Ounce Labs ART experts believe that similar issues can be found in other popular Frameworks. The ART Team has worked closely with the security team from SpringSource, the company behind Spring, to confirm these security issues and develop re http://www.compliancehome.com/news/FISMA/13154.html Tue, 15 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13141.html Compliance11, provider of regulatory compliance management solutions, announced that it has released Compliance11 Supervisory Suite 2.0. The second generation Software-as-a-Service application has an enhanced design including expanded functionality within each of the software's four modules -- personal trading, affirmations and disclosures, gifts and case management. Tad Mitchell, president and chief operating officer at Compliance11 said, As a SaaS provider we are able to constantly enhance the application with no impact or cost to our customer base. Our solutions are based on the feedback and direction of our clients resulting in a synergistic and effective compliance management product suite. http://www.compliancehome.com/news/FISMA/13141.html Mon, 14 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13128.html McAfee announced enhancements to McAfee Total Protection (ToPS) for Endpoint, McAfees flagship endpoint security solution. This release provides new and updated compliance and security functions, including powerful policy auditing, flexible network access control, rogue system detection, enhanced Web security and improved anti-malware technology. The integration of management capabilities between endpoint security and compliance management enables customers to reduce costs, improve visibility and comply with industry & security policy across their entire infrastructure. According to Research VP Paul Proctor, Gartner, Inc. Companies today realize that they need more than just good security controls, and that they must also address compliance with internal security policies and industry regulations. A combination of good security functions and compliance management improves security operations efficiency and maturity. http://www.compliancehome.com/news/FISMA/13128.html Mon, 14 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13127.html netForensics, a visionary leader in the Information Security Management market, announced new functionality in its flagship Security Information Management (SIM) application that provides unprecedented guidance for managing and reporting on critical IT security issues, as well as compliance with regulatory requirements and standards. The integration of the new security audit framework into its nFX SIM One product enables netForensics to deliver the market's most comprehensive solution for managing and reporting on IT security and third-party compliance requirements. Modules that address specific regulations, such as PCI, Sarbanes-Oxley, HIPAA and FISMA, easily plug into the framework for quick deployment and rapid time to value. The first module delivered as part of the release of the new security audit framework helps retail organizations manage themselves against the Payment Card Industry (PCI) Data Security Standard. http://www.compliancehome.com/news/FISMA/13127.html Mon, 14 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13123.html Shavlik Technologies, the market leader in delivering software solutions that rapidly accelerate and continuously improve security and compliance readiness, has announced that the Shavlik Security Suite has earned Security Content Automation Protocol (SCAP) validation, a U.S. government-mandated initiative for standards based security automation. http://www.compliancehome.com/news/FISMA/13123.html Thu, 10 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13113.html A new publication released by the National Institute of Standards and Technology (NIST) on June 30 can help information system managers negotiate the often complex process of assessing security controls in their information systems. Although designed specifically to meet the needs of federal IT managers who must satisfy government requirements called for in the 2002 Federal Information Security Management Act (FISMA), the new guide can be useful to IT professionals across the industry. The document, Special Publication 800-53A, Guide for Assessing the Security Controls in Federal Information Systems, is designed to assist managers in assessing the effectiveness of the security controls called for in NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems. SP 800-53 is one of the core documents supporting the Risk Management Framework that was developed for federal agencies by NIST as part of its FISMA responsibilities. SP 800-53 specifies a flexib http://www.compliancehome.com/news/FISMA/13113.html Thu, 10 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13107.html Shavlik Technologies, provider of software solutions that rapidly accelerate and continuously improve security and compliance readiness, today announced that the Shavlik Security Suite has earned Security Content Automation Protocol (SCAP) validation, a U.S. government-mandated initiative for standards-based security automation. The SCAP protocols enable security software technologies to exchange system configuration controls and vulnerability information in a standard format. This ensures that security-related content can be accurately and consistently processed within any SCAP-validated tool. SCAP validation gives government customers the freedom to select a best-of-breed solution that meets their needs and satisfies federal security initiatives and regulations. The Shavlik Security Suite delivers an SCAP Edition that is one of few SCAP-validated tools that simplifies and automates both assessment and remediation. http://www.compliancehome.com/news/FISMA/13107.html Tue, 08 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13087.html StillSecure, provider of secure network infrastructure solutions, announced that EWA-Canada has been contracted to conduct Security Content Automation Protocol (SCAP) testing for StillSecure VAM, the company's vulnerability management system. SCAP is a method for using NIST-approved standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). SCAP falls under the Information Security Automation Program (ISAP), which is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. http://www.compliancehome.com/news/FISMA/13087.html Tue, 08 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13086.html Shavlik Technologies, the market leader in delivering software solutions that rapidly accelerate and continuously improve security and compliance readiness, today announced that the Shavlik Security Suite has earned Security Content Automation Protocol (SCAP) validation, a U.S. government-mandated initiative for standards-based security automation. The SCAP protocols enable security software technologies to exchange system configuration controls and vulnerability information in a standard format. This ensures that security-related content can be accurately and consistently processed within any SCAP-validated tool. SCAP validation gives government customers the freedom to select a best-of-breed solution that meets their needs and satisfies federal security initiatives and regulations. The Shavlik Security Suite delivers an SCAP Edition that is one of few SCAP-validated tools that simplifies and automates both assessment and remediation. http://www.compliancehome.com/news/FISMA/13086.html Mon, 07 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13081.html Chesapeake System Solutions announced that Central Bancompany, a full-service financial institution based in Jefferson City, Mo., is successfully using T-Recs Enterprise and Internet Data Manager (IDM) as central components of efforts to minimize operational and financial risk. Central Bancompany, which has nearly $8.5 billion in assets, serves markets in Missouri, Illinois, Kansas and Oklahoma through 13 community banks with approximately 175 locations. Central also operates a full-service trust affiliate. T-Recs Enterprise is an all-in-one application that offers all the functionality needed to reconcile the entire balance sheetcash and non-cash accountsand a sophisticated workflow management engine that keeps financial compliance processes on track and automatically escalates unresolved issues. T-Recs Enterprise offers unparalleled scalability and flexibility to support the increasing transaction volumes associated with growth-oriented entities such as Central, yet is well http://www.compliancehome.com/news/FISMA/13081.html Wed, 02 Jul 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13064.html nCircle announced the Security Content Automation Protocol (SCAP) validation of nCircle IP360 and nCircle IP360 Mobile, the world's leading vulnerability and risk management system. As one of the early SCAP-validated solutions on the market, nCircle IP360 provides U.S. Federal agencies with an enterprise class system to support the largest networks, while at the same time delivering SCAP certified vulnerability scanners with the ability to determine the presence of known software flaws by evaluating the target system over the network. SCAP is a protocol using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance) and is sponsored by the Information Security Automation Program (ISAP), a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. http://www.compliancehome.com/news/FISMA/13064.html Mon, 30 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13049.html Core Security Technologies today announced that CORE IMPACT, the most comprehensive product for proactive security testing, can be used to help U.S. federal agencies comply with the new information security assessment guidelines outlined by the National Institute of Standards and Technology (NIST). NIST Special Publication 800-53A, Appendix G (http://csrc.nist.gov) advocates the use of penetration testing technology by all federal agencies as a key component of an effective security assessment plan. It's great to see the federal government taking steps to ensure that penetration testing is widely used as a method of assessing real-world risks, said Robert Maley, chief information security officer for the Commonwealth of Pennsylvania. Gaining a comprehensive view of vulnerabilities across an organization's security infrastructure is an important step in enhancing the security posture of our federal agencies. Pennsylvania has been using CORE IMPACT for some time as a critical compo http://www.compliancehome.com/news/FISMA/13049.html Mon, 30 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13048.html Secure Firewall enables compliance with PCI Data Security Standard while also providing industry-leading security and manageability http://www.compliancehome.com/news/FISMA/13048.html Mon, 23 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13022.html Integrity Interactive Corporation, a company that helps leading global corporations manage and reduce the risk of ethics and compliance failures, today announced its partnership with Vantage Partners, the leading management consulting firm specializing in achieving breakthrough business results by transforming the way companies manage their most important relationships. This partnership will provide clients of both Integrity Interactive and Vantage Partners additional expertise in specific areas of third party relationship management. Companies are looking closely at their supply chain to find ways to reduce risk, manage costs, and drive innovation. Vantage helps companies enhance internal and external collaboration to improve supply chain performance across these key dimensions, said Mark Gordon, Partner at Vantage Partners. Integrity helps its clients ensure that ethical standards are understood and followed by internal and external stakeholders and our partnership will leverage http://www.compliancehome.com/news/FISMA/13022.html Mon, 23 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/13019.html Test shows Secure Web provides superior preemptive detection with best response time http://www.compliancehome.com/news/FISMA/13019.html Wed, 18 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12987.html The Open Group, a vendor- and technology-neutral consortium focused on open standards and global interoperability within and between enterprises, today announced that the organizations Security Forum has initiated work on a risk management and analysis taxonomy standard. This is the first phase of a comprehensive initiative aimed at eliminating widespread industry confusion about risk management among risk managers, security and IT professionals as well as business managers. The Security Forums focus on a risk management and analysis taxonomy is in direct response to the idea that risk analysis has historically been more art than science. Prior risk taxonomies used terms which were ill-defined, resulting in many inconsistent definitions and taxonomies within the information security landscape. None of these provided a clear and logical representation of the fundamental problem that the risk management profession must control: the frequency and magnitude of loss. http://www.compliancehome.com/news/FISMA/12987.html Tue, 17 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12976.html Triumfant announced an agreement with Dell to deliver out-of-the-box NIST SCAP validated solutions to allow federal organizations to comply with the U.S. Office of Management and Budget (OMB) Federal Desktop Core Configuration (FDCC) mandate. Under the agreement, Dell will incorporate Triumfant Compliance Manager software on Windows computer systems for federal government customers. Triumfant Compliance Manager is the only solution that actively maintains a perpetual state of compliance and audit-readiness on every PC, every day. Triumfant Compliance Manager supports Security Content Automation Protocol (SCAP) to ensure ongoing compliance with the FDCC security standards, as well as a wide range of government regulations and IT policies. http://www.compliancehome.com/news/FISMA/12976.html Tue, 17 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12967.html The secure management of personal digital information is becoming a key challenge for public and private sector organisations alike and, under the new Criminal Justice and Immigration Act, the UK's Information Commissioner is able to impose substantial fines on organisations that 'deliberately' or 'recklessly' commit serious breaches of the Data Protection Act (DPA). To help organisations comply with the requirements of the Act, IT Governance has launched a 'DPA Compliance Toolkit' that provides all the essential templates and tools, greatly simplifying and speeding up the task. http://www.compliancehome.com/news/FISMA/12967.html Sun, 15 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12955.html Symantec announced a significant update to its compliance process automation solution, Control Compliance Suite 9.0, in support of IT Governance, Risk, and Compliance (IT GRC) initiatives within global organizations. Symantec Control Compliance Suite provides customers with the ability to automate key IT compliance processes in order to reduce the risk to their information assets and reduce the costs of managing compliance. Increasingly, IT management is being called on to align with business objectives amidst shrinking budgets. Business executives are asking IT to achieve compliance for internal and external mandates while managing the delicate risk versus return balance. Compliance process automation is the key to meeting these requirements in a cost-effective and sustainable manner. http://www.compliancehome.com/news/FISMA/12955.html Wed, 11 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12943.html Symantec announced a significant update to its compliance process automation solution, Control Compliance Suite 9.0, in support of IT Governance, Risk, and Compliance (IT GRC) initiatives within global organizations. Symantec Control Compliance Suite provides customers with the ability to automate key IT compliance processes in order to reduce the risk to their information assets and reduce the costs of managing compliance. Increasingly, IT management is being called on to align with business objectives amidst shrinking budgets. Business executives are asking IT to achieve compliance for internal and external mandates while managing the delicate risk versus return balance. Compliance process automation is the key to meeting these requirements in a cost-effective and sustainable manner. http://www.compliancehome.com/news/FISMA/12943.html Wed, 11 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12941.html OpenPages, provider of Enterprise GRC Management Solutions that optimize business performance, announced it has received a patent for its highly configurable GRC platform. United States Patent and Trademark Office (USPTO) awarded the company U.S. patent No 7,356,771 on April 8, 2008, and the patent describes the company's innovation around developing applications based on a metadata-driven framework. The patent demonstrates the uniqueness of the company's GRC platform and its commitment to product innovation. The patent further illustrates the company's leadership in the market for governance, risk and compliance (GRC) solutions. Through configuration, OpenPages' GRC platform provides the ability to develop business applications without coding, which enables OpenPages to respond quickly to new market opportunities and customer demand for new solutions. This metadata-driven approach has allowed OpenPages to release new solutions in rapid succession over the last 18 months. The company c http://www.compliancehome.com/news/FISMA/12941.html Tue, 10 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12934.html Alert Logic, an award-winning provider of on-demand IT compliance and security solutions, today announced that it has signed a partnership agreement with Logicworks, a leading provider of high-availability hosting solutions to support business-critical applications and content. The partnership will provide Logicworks clients with Alert Logics Log Manager and Threat Manager solutions to ensure their networks are secure and compliant with industry and government regulations. Log Manager gives organizations the ability to secure their networks and comply with regulations that mandate log data be collected, regularly reviewed, and securely archived. Threat Manager combines intrusion detection and vulnerability management technology to offer protection from viruses, worms, and other threats brought in by roaming laptops, VPN connections, wireless access points, partner portals, and other supposedly trusted sources. http://www.compliancehome.com/news/FISMA/12934.html Tue, 10 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12933.html At Microsoft Tech-Ed North America 2008, Attachmate Corporation, will showcase its product offerings designed and built for Microsoft Windows Vista and the Microsoft Office 2007 system. Attachmates presence at Tech-Ed further secures its position as the go-to vendor for host access on the Windows Vista/Office 2007 platform. Additionally, Attachmate is announcing general availability of Reflection for the Web 2008, the companys flagship browser-based host access offering. Currently available and attaining traction in the market, Reflection for IBM 2007 is Attachmates built-for-Windows Vista terminal emulation solution. Combining the comprehensive productivity and security feature sets found in Attachmates existing EXTRA! and Reflection host access offerings, Reflection for IBM 2007 strengthens mainframe security, maximizes IT flexibility and provides a set of features that significantly boost user productivity. Reflection is certified for Windows Vista and takes advantage of multipl http://www.compliancehome.com/news/FISMA/12933.html Mon, 09 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12928.html OpenPages, provider of Enterprise GRC Management Solutions that optimize business performance, today announced it has received a patent for its highly configurable GRC platform. United States Patent and Trademark Office (USPTO) awarded the company U.S. patent No 7,356,771 on April 8, 2008, and the patent describes the company's innovation around developing applications based on a metadata-driven framework. The patent demonstrates the uniqueness of the company's GRC platform and its commitment to product innovation. The patent further illustrates the company's leadership in the market for governance, risk and compliance (GRC) solutions. Through configuration, OpenPages' GRC platform provides the ability to develop business applications without coding, which enables OpenPages to respond quickly to new market opportunities and customer demand for new solutions. This metadata-driven approach has allowed OpenPages to release new solutions in rapid succession over the last 18 months. The com http://www.compliancehome.com/news/FISMA/12928.html Mon, 09 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12925.html CA, announced CA Security Compliance Manager, a new, internally developed CA security product that delivers capabilities that help CA customers address IT security and compliance with legal, corporate and government regulations. CA Security Compliance Manager focuses on helping organizations automate processes for answering security questions such as Who has access to what? Who can do what? and Who approved what? to help detect security policy or compliance violations and then initiate any necessary remediation. CA Security Compliance Manager is one of three CA identity and access management (IAM) products announced today. These three productsCA Identity Manager, CA Access Control Premium Edition and CA Security Compliance Managerjoin seven other CA IAM products announced in October and November 2007 as part of CA IAM r12. The IAM r12 products are designed to help manage the identity lifecycle, and provide robust IT security controls, analysis and proof of compliance, and autom http://www.compliancehome.com/news/FISMA/12925.html Mon, 09 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12924.html TraceSecurity, a SaaS provider offering security compliance and risk management software and services, introduced the newest version of their TraceSecurity Compliance Manager (TSCM). TSCM 4.5 is packed with improved functionality that boosts an already powerful offering including auto creation of policies and policy change management and support for Identity Theft Red Flags, NERC CIP Standards, and NIST. With these new enhancements, organizations from a variety of vertical industries can achieve greater security and compliance control over their network, while providing the protection and peace of mind they crave for their customers. The newest version of TSCM provides greatly enhanced functionality and features that strengthen the security and compliance controls of organizations, said Jim Stickley, CTO of TraceSecurity. Features, such as the ability to create comprehensive policies on demand for numerous departments throughout an organization, allow our customers to quickly and easil http://www.compliancehome.com/news/FISMA/12924.html Mon, 09 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12923.html CA announced the release of CA Access Control Premium Edition. Offering cross-platform creation, deployment and management of complex, specific, role-based access controls for servers, CA Access Control Premium Edition delivers capabilities that help facilitate customers IT security and compliance with legal, corporate and government regulations. CA Access Control Premium Edition is one of three CA identity and access management (IAM) products announced today. These three productsCA Identity Manager, CA Access Control Premium Edition and a new product, CA Security Compliance Managerjoin seven other CA IAM products announced in October and November 2007 as part of CA IAM r12. The IAM r12 products are designed to help manage the identity lifecycle and provide robust IT security controls, analysis and proof of compliance, and automation of compliance processes. http://www.compliancehome.com/news/FISMA/12923.html Mon, 09 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12921.html KACE, a systems management appliance company announced the results of a new study that revealed nearly two-thirds of IT executives and managers believe their companies have not taken appropriate steps to ensure compliance with the license agreements for software they have deployed. The survey further reveals these same IT executives believe their companies are ill-prepared for a software license compliance audit. Citing insufficient software discovery capabilities and manual license tracking processes, IT organizations are left exposed to painful outside audit risks. The research, consisting of an online survey of almost 350 respondents, was commissioned by KACE to gather data about the current state of software licensing compliance in corporate IT. The survey focused on hot-button corporate issues such as unlicensed software, license compliance processes and tools, and perceptions of the impact of software audits. The survey showed IT organizations have not taken adequate measures to http://www.compliancehome.com/news/FISMA/12921.html Mon, 09 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12920.html Industry-leading protection components enable optimal operational efficiencies, complete deployment choices and lowest total cost of ownership http://www.compliancehome.com/news/FISMA/12920.html Mon, 09 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12919.html Secure Web Protection Service is first to offer reputation-enhanced filtering and intent-based anti-malware protection http://www.compliancehome.com/news/FISMA/12919.html Wed, 04 Jun 2008 00:00:00 CST http://www.compliancehome.com/news/FISMA/12895.html VeriSign Enterprise Security Services announced major enhancements to the VeriSign Log Management Service. The enhancements include expanded reporting capabilities, deeper correlation across log sources, and an agreement with ArcSight to integrate support for the company's Logger technology into the VeriSign service. The addition of the ArcSight solution makes VeriSign Log Management Service the first of its kind to support multiple technologies from best-of-breed providers through a fully managed solution. To protect critical information and to comply with government and industry regulations, organizations must monitor a myriad of commercial and custom applications on a variety of different platforms. Doing so is a complex, labor-intensive undertaking. The VeriSign Log Management Service allows customers to collect, analyze and store system and application logs to provide a deeper level of security monitoring as well as meet a broad array of compliance requirements, such as the Paymen http://www.compliancehome.com/news/FISMA/12895.html