
Creating a Compliance Framework with Symantec products

Created: 26 Apr 2010 • 3 comments

I want to create this blog to start sharing ideas on how different customers of Symantec products are using them to create a compliance framework.  I am going to explore the two main areas of my expertise, but would invite anyone using any other Symantec products to inject comments where appropriate. 

The two products that I am going to focus on are as follows:

- Symantec Control and Compliance Suite Version 9 (CCS)

- Symantec Data Loss Prevention Version 9 (DLP)

I will be sharing as appropriate the road traveled for our compliance program.

The first mile on the compliance highway includes the following:

- Install and configure DLP discover to create an inventory of where sensitive data resides
- Install and configure CCS and run Center for Internet Security (CIS) baselines across relevant technologies in use
- Create separate CCS Standards for each technology based on CIS
- Remove and modify CIS checks that do not apply to your environment
- Create a sign off on the standards from senior IT management

The second mile is being developed with lots of ideas coming to life.  I will promise to keep this updated as new events transpire.

If there is any one topic that is touched upon that you would like more detail on, let me know.

Enjoy.

Neil Christie

Comments

Neil Christie

I have added the upgrade to version 10 to my road map.  The main reason this is exciting for my compliance framework is the new web enabled dashboards.  Today, due to the constraints of the current interface and the inability to get the console deployed, I have to print out status and share in a meeting.  With the web enabled piece I will be able to share a URL and ask the relevant management and auditors to visit when necessary.

Neil Christie

I have been able to obtain signoff from the server and desktop operation teams on the standards.  They have boiled down to nearly 100 checks per operating system.  The challenge is to clean up the machines that are not in full compliance.  We are taking a risk based approach to fixing any issues.  The first target was the domain controllers.  They are now over 98% compliant with the standard and we are working to create exceptions for the remaining items.  The last step in the process is to now operationalize the standards check.  On a monthly basis we scheduled an evaluation to run with an "Asset Compliance by Technical Check" report scheduled to send just the failed items to our ticketing system for the server operations team to work.

We are now moving on to the next operating system of Windows 2008.

Neil Christie

I am now working to document the differences between the CIS benchmarks that have been provided from Symantec and then justify why they don't work in our environment.  This is going to be one of the more difficult pieces to the puzzle.  Not looking forward to it.
