Symantec Control Compliance Suite

Announcing Symantec’s Control Compliance Suite 9.0

Symantec Control Compliance can provide an end-to-end coverage of the IT compliance lifecycle:

Define: Identify IT compliance objectives, assess risk, create written policies, and automatically maps these policies to external mandates such as regulations (SOX, PCI, etc.) and frameworks (e.g. ISO, COBIT, NIST) and to control statements that are provided out-of- the-box.

Assess: Automatically test and monitor compliance of technical and procedural controls against company policies., providing a library of over 6,000 control statements.

Report: Generate customizable, reporting capabilities required to support multiple stakeholders, ranging from detailed reports for security and IT operations to high level reports for executive management and external auditors. Real-time reporting of policy violations is also supported.

Remediate: Provides detailed remediation instructions to fix deficiencies in controls. Risk-weighted remediation allows you to prioritize remediation efforts based on business impact.

Symantec’s Next Generation Compliance Automation Solution offer:

IT Business Alignment – Policy risk scoring, a new asset centric approach , significant enhancements to workflow, and very powerful out-of-the box executive reporting

Ease of IT Audit – Provides the most comprehensive, automated, evidence collection, the industry’s only product that provides integrated technical controls, procedural controls, and entitlements out of the box. CCS provides audit ready reports that are easily customized, additional enhancements include the capability to collect and report on effective permissions, and provides robust evidence attachment capabilities to our response assessment questionnaires.

Integrated, Open Platform – Provides the broadest platform support in the industry. CCS supports multiple Microsoft, Unix, Linux, databases, etc., including several special platforms like AS/400. Control Compliance Suite provides maximum flexibility based on your deployment requirements. Customers have a choice of implementing agent-less or agent based architecture, all leveraging a single integrated application and reporting infrastructure and data repository. Control Compliance Suite has significantly enhanced and simplified third- party tools and business process integration.

Product Features

Policy Management

• New policy creation wizard
• New mapping interface
• Enhanced integration
• Exception management
• Asset system
• Policy risk rating
• Enhanced reports and dashboards

Standards – Technical IT Controls Assessment

• Standards-based data collection (agent-less or agent based)
• Composite standards
• Enhanced IT controls check-builder
• Extended platform support

Entitlements Reporting and Approval Workflow

• Entitlement management for databases (Oracle and SQL Server)
• Entitlement change reporting
• Enhanced reporting
• Exception management support for second-level approval

Security Information Manager

• Compliance and audit reporting
• Log retention and retrieval
• Real-time threat analysis
• Automated incident prioritization
• Incident remediation workflow
• Align security and compliance requirements with IT operations
• Provide appropriate security service levels to different business units and geographies