CFEngine can significantly simplify the implementation and compliance of IT regulations and security policies. Our decentralized, small-footprint agent architecture ensures continuous system-wide monitoring and automatic self-repair -- no matter how large or complex the infrastructure.
CFEngine Nova can provide IT compliance reports and complete audits in hours instead of weeks.
Click here to contact us for more information on how CFEngine can help you ensure IT Compliance.
Here is a partial list of the common compliance regulations and policies that CFEngine can uphold:
Government
STIGs
The Security Technical Implementation Guides (STIGs) are a method for the standardized secure installation and maintenance of computer software and hardware. They are created by the Defense Information Systems Agency (DISA), which provides these configuration documents in support of the United States Department of Defense (DoD).
An example of using CFEngine 3 for STIG compliance is available here: http://www.cfengine.com/stigs
SCAP
FIPS 140-2 Communications
Commercial
PCI-DSS
The Payment Card Industry Data Security Standard, also known as PCI DSS, is a set of requirements for enhancing payment account data security. Developed by the PCI Security Standards Council -- including American Express, MasterCard, Visa and others -- it helps facilitate the global adoption of consistent data security measures. PCI DSS is composed of high-level requirements designed to secure and protect customer payment data. If you store, process or transmit any cardholder data electronically or manually, then your business must comply with PCI-DSS.
SOX 404
The Sarbanes-Oxley (SOX) act is a U.S. law that requires publicly-traded companies to secure the integrity of organizational and financial data. The law makes a company's senior management directly responsible for introducing measures for good governance. SOX compliance is not a purely technical matter -- it also encompasses human information trails, and is subject to the interpretation of special auditors who judge compliance with the law.
SAS-70
Service providers can be required to demonstrate good governance. The "Statement on Auditing Standards (SAS) No. 70, Service Organizations" is an auditing standard developed by the American Institute of Certified Public Accountants (www.aicpa.org) that has evolved into a well-accepted standard for best practice among service providers. SAS-70 does not specify an explicit checklist for an audit; rather, service auditors are required to follow the AICPA's standards for fieldwork, quality control, and reporting.
IT Best Practices
ITIL
The IT Infrastructure Library of 'best practices' is rapidly becoming a core standard for industries around the world. It is a framework of guidance for IT governance and human process management, applied to the IT industry. It introduces many concepts, including the Configuration Management Database (CMDB) and, in particular, the Build-Deploy-Manage-Audit model that neatly captures the IT system life-cycle.
COBIT
The Control Objectives for Information and related Technology (COBIT) is an alternative effort to describe best practices (a framework) for information technology management. COBIT provides not only IT users, but also managers and auditors, with a set of generally accepted measures, indicators, processes and best practices to assist them in recording and maximizing the benefits derived through the use of information technology.
ISO 27k
The ISO/IEC 27000-series (ISO27k) is a family of information security management standards derived from British Standard BS 7799. These documents provide general advice about IT procedures and technology usage for risk and continuity management. As with other frameworks, no specific checklist of technical requirements is defined, but best practices are recommended.