News

NetIQ Adds Federal IT Support to Compliance Manager Suite

• By Stuart J. Johnston
• 09/21/2005

New templates that have been added to the product now support compliance requirements under the Federal Information Security Management Act or FISMA, company officials say.

“FISMA is the federal equivalent of the Sarbanes-Oxley Act,” says Greg Davoll, group product manager for security products at NetIQ. “Our goal [with the new templates] is to help these federal agencies automate those policies.”

IT managers everywhere in the United States today are confronted with increasing demands from business comptrollers and government watchdog agencies to ensure that data and programs are safe from theft, tampering or destruction. This is particularly true because of the highly-networked nature of modern businesses. Government is not immune to oversight.

FISMA is intended to bolster computer and network security within the federal government and among government contractors by mandating yearly audits. The 2002 law mandates that federal IT organizations put policies, procedures and technologies in place to protect the nation’s information technology infrastructure.

Among other goals, the text of the law (FISMA) demands that federal IT managers “provide effective governmentwide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities.” To date, however, audits of government security compliance have shown that massive improvement is needed throughout government.

An annual report card prepared by the House Government Reform Committee using information provided under FISMA to the Office of Management and Budget gave the federal government overall a D+ for 2004, barely higher than 2003’s report card. Last year, only two federal agencies – the Agency for International Development and the Department of Transportation – got As. By comparison, the Department of Homeland Security and the Department of Energy were among seven agencies that received Fs. Even NASA only rated a D+.

NetIQ FISMA Essentials policy templates join other templates that help IT assess and report compliance with multiple regulations, including Sarbanes-Oxley, HIPAA, GLBA, FERC and FDA. The NetIQ Security Compliance Suite combines the latest version of the San Jose, Calif. company’s Vulnerability Manager product with components of its Security Manager product.

The bundle is based around Vulnerability Manager 5.5, the latest version of NetIQ's flagship policy compliance and vulnerability management product. Released in December 2004, it provides tools for configuration management, vulnerability assessment and vulnerability notification and advisory functions as well as policy and regulatory compliance auditing. In addition, it provides tools for patch management and remediation.

The bundle’s policy compliance capabilities can be used to assess all systems configurations for compliance with policies. Configuration and vulnerability assessment functions help to make sure that systems are up to date with all the latest security patches and have not been compromised.

NetIQ Security Compliance Suite comes in Standard and Enterprise editions. The Standard edition is comprised of NetIQ Vulnerability Manager and the Log Manager module of NetIQ Security Manager. It starts at $800 per server. The Enterprise edition includes the Standard edition, and also provides real-time security monitoring through the Intrusion Manager module of NetIQ Security Manager. It at $1,120 per server.