Lumension Security™ - PatchLink Security Configuration Management™ provides out-of-the-box regulatory, standards-based assessment and industry best practices templates to ensure endpoints and applications are properly configured. PatchLink Security Configuration Management™ seamlessly integrates with its proven, market-leading solutions, PatchLink Scan and PatchLink Update, to deliver a comprehensive network and agent-based risk assessment of software flaws and configuration vulnerabilities, rapid remediation, continuous validation and policy compliance reporting. PatchLink Security Configuration Management™:

Leveraging Security Content Automation Protocol (SCAP), PatchLink Security Configuration Management™ automatically maps security policies to technical controls, enabling organizations to standardize and secure endpoint configurations and easily demonstrate compliance with regulatory policies and industry standards such as Federal Desktop Core Configuration (FDCC) and Payment Card Industry (PCI), among others.
Sponsored by NIST, SCAP is a repository of security content used for automating technical control compliance activities, vulnerability checking of both application misconfigurations and software flaws, and security measurement. The primary outputs of SCAP are security checklists in a standard eXtensible Markup Language format that agencies (and vendors) can use via automated commercial products to help build, operate, measure and maintain secure systems according to official government security recommendations. Each security checklist contains instructions for configuring information technology products for an operational environment or verifying that an information technology product is already securely configured.
Combining standards-based assessment with network and agent-based scanning, automated remediation, policy enforcement and security measurement, Lumension Security provides the most comprehensive solution to securing endpoint configurations and policy compliance.

As a NIST-validated solution, PatchLink Security Configuration Management™ provides a comprehensive list of SCAP policies with hundreds of defined checks, allowing organizations to quickly evaluate their security posture and determine what must be fixed to meet FDCC standards. In addition, customized templates ensure that assessments are tailored to the various compliance policies that fit an agency’s specific requirements. PatchLink Security Configuration Management™ streamlines this process by facilitating the simple importing and exporting of policies across multiple Vulnerability Management Servers, enabling the same policy documents to be shared by network and agent-based scanners. This eliminates the need to manage and interpret a wide range of different policies and results from non-integrated scanners and agents. Additionally, manual security checks (such as physical security ones) can also be set up as PatchLink Security Configuration Management™ checks in order to provide a complete policy monitoring and management view.
To address PCI-DSS, a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures, PatchLink Security Configuration Management™ ingests the PCI policy template and maps technical controls to the detailed requirements. PatchLink Security Configuration Management™ automates the policy assessment of specific PCI requirements, including manual checks where appropriate, and monitors and reports against the requirements to ensure comprehensive PCI compliance.
PatchLink Security Configuration Management™ can be used to monitor and report on any set of policies that follow the SCAP checklist standards. While FDCC and PCI-DSS are available out-of-the-box for immediate implementation, any other security standard policies can be mapped to SCAP standard checklists, allowing PatchLink Security Configuration Management™ to assess against these checks. The use of eXtensible Markup Language (XCCDF/XML) within the SCAP checklist standard enables any organization to perform the policy mapping. Lumension Security Professional Services can also help achieve any type of security policy mapping, whether it derives from regulatory compliance requirements, industry best practices requirements or requirements specific to an organization.
With a solution officially validated by NIST, Lumension Security is a leader in the development of standards, including proposing a format for SCAP Remediation in August 2006 and a database pattern for all (current and future) SCAP documents, results and reports. Lumension was engaged with the NIST SCAP well before the OMB mandates and has experienced staff working on our solutions.
| Hardware | Single 1.4 GHz CPU on x86 |
| Operating System | Windows Server 2003, Web Edition with SP1 or later; Windows Server 2003, Standard Edition with SP1 or later; Windows Server 2003, Enterprise Edition with SP1 or later; Windows Server 2003 R2, Standard Edition; Windows Server 2003 R2, Standard Edition |
| Web server | Microsoft® Internet Information Services (IIS) 6.0 |
| .NET Framework | Microsoft® .NET Framework 1.1 SP1; Microsoft® .NET Framework 2.0 |
| Web browsers | Microsoft® Internet Explorer; Mozilla Firefox; Apple Safari |
| DB Server | Microsoft® SQL Server 2005 Express Edition with SP2; Microsoft® SQL Server 2005 Standard Edition with SP2; Microsoft® SQL Server 2005 Enterprise Edition with SP2 |

Note: PatchLink Update Server installs SQL Server 2005 Express Edition RTM during installation. Therefore, you must not have any database server installed prior to the installation of PatchLink Update.

| Vendor | Processor Family | OS Version | OS Edition | OS Bit |
| Microsoft Windows | X86/x64 | Windows XP | Professional | 32/64 |
| Microsoft Windows | X86/x64 | Windows 2003 | Web, Standard, Enterprise, R2 | 32/64 |
| Microsoft Windows | X86/x64 | Windows Vista | Enterprise, Business, Ultimate, Home Premium, Home | 32/64 |

| Hardware | Pentium® compatible 1 GHz |
| Operating System | Windows 2000 Server SP4; Windows 2000 Advanced Server SP4; Windows XP Professional SP2; Windows Server 2003 SP1 |

| Operating System / Version | Discovery | Assessment | Remediation |
| Windows 2003 Server X86/X64 | P | P | P |
| Windows XP X86/X64 | P | P | P |
| Windows Vista X86/X64 | P | P | P |