Today's IT professionals are faced with the task of ensuring the continuous compliance of their IT infrastructure with an overwhelming spectrum of policies and regulations: PCI for retailers; SOX for sensitive financial information; NERC for energy suppliers and power regulators; HIPAA and HITECH for medical professions; CIS, DIA, and NIST for sensitive security systems. And this list continues to grow.
NNT Log Tracker Enterprise provides a comprehensive solution to any compliance mandate requiring log collection and retention. Event log analysis is a key weapon in the fight against any cyber attack. Identifying the method and source of an attack allows preventative measures to be continually improved. This is why all security policies place log retention at their core. PCI DSS compliance requires logs to be gathered and reviewed daily and retained for at least one year. Similarly, for GCSx Code of Connection (CoCo) compliance, audit logs recording user activities, exceptions and information security events are to be retained for at least 6 months.
NNT Change Tracker Enterprise provides configuration assessment policies out of the box... Change Tracker Enterprise enables IT organizations to assess the entire IT Infrastructure against security benchmarks for both physical and virtual configurations, and quickly achieve configuration compliance and integrity. Best of all, it can dramatically cut both audit preparation time and cost and bring the infrastructure into a state of continuous compliance. Examples include:
Change Tracker Enterprise gives merchants, service providers, Government Offices and acquiring banks confidence that they've secured sensitive cardholder data and have proof of continuous PCI compliance for Auditors. Use in conjunction with Log Tracker Enterprise to meet and exceed PCI DSS requirements for event log gathering and retention.
GCSx Code of Connection (CoCo)
The UK Government’s Code of Connection security standard requires all network ‘touchpoints’ to be protected and secured from potential cyber attacks. Change Tracker Enterprise ensures that your network and servers remain in a securely configured state. Log Tracker Enterprise gathers and stores event log messages for all relevant systems in line with CoCo requirements.
Change Tracker helps organizations across the power industry comply with NERC Cyber Security Standards CIP 003-6, 005-1, and 007-1, with policies that meet the requirements outlined in 005 and 007.
ISO 27000 / ISO 27001 / ISO 27002 / ISO 27K
The ISO27K standard defines the concept of an Information Security Management System, encompassing risk assessment and measures to mitigate risk, including business continuity. Change Tracker Enterprise underpins your Change Management process to ensure device configuration settings are automatically tracked and backed up at all times.
With Change Tracker Enterprise, IT ensures compliance with important controls from the COBIT framework and generates evidence of compliance in an audit.
Public companies subject to SOX compliance save time and money getting IT systems compliant and proving compliance in an audit using NNT’s automated configuration assessment policy for SOX followed by NNT's proven change auditing.
The GLBA (Gramm-Leach-Bliley Financial Services Modernization Act) focuses on the cyber security of financial sector organizations, including commercial and retail banks, investment firms, and related insurance companies.
Based on best practices from NIST, DISA and the NSA, NNT ensures Windows XP machines are configured according to the settings of the Federal Desktop Core Configuration (FDCC).
NNT's Microsoft IIS policy provides configuration control of Microsoft IIS servers, giving administrators confidence they can deliver important business services like e-commerce and customer support.
By assessing Microsoft Exchange Server configurations against the expert settings included in NNT's Microsoft Exchange policy, IT easily ensures business communications stay up and running 24/7.
With Change Tracker Enterprise, organizations gain greater visibility into the configuration of their VMware ESX hypervisors and take a major step toward achieving a known and trusted state for their virtual environment.