Symantec Control Compliance Suite

Symantec Control Compliance Suite, Policy Management assists with defining and mapping of policies to best practices, frameworks, and regulations, and identifies overlaps in control objectives to reduce duplicate assessment efforts. Symantec’s Policy Management also automates the distribution of written policies throughout the organization, tracking end-user policy acceptances and exception requests. It collects evidence of compliance to control objectives through integration with other Symantec Control Compliance Suite components that provide both procedural and technical assessments, thus enabling analysis and reporting on compliance efforts. In addition, Policy Management ships with over 125 sample policies and policy templates, and is fully and easily customizable. Newly enhanced reporting and dashboard capabilities allow more flexibility for distributing information.

Entitlements module gathers effective permissions on data from across the enterprise, translates those permissions into a consistent human readable format, associates management classification to the data, and electronically route the information to business owners for access approval. Entitlements approval are tracked and tied to analysis/audit reports as controls evidence.

Symantec Control Compliance Suite, Response Assessment Management automates the assessment of procedural, non-programmatic controls. These non-programmatic controls make up the majority of objectives laid out in regulatory mandates (SOX, HIPAA, FERC), standards (PSI-DSS) and frameworks (ISO, COBIT). Organizations often rely on paper-based assessments that are expensive and difficult to manage. RAM manages the manual assessment process from questionnaire creation and distribution to analysis of response data. RAM is a tightly integrated module within the CCS suite. As a result, CCS provides unique integration of both procedural and technical controls status and reporting, thus ensuring comprehensive policy coverage.

Standards module automates the management of deviations from technical standards and provides the ability to remediate misconfigurations. Standards Module provides pre-packaged technical standards that granularly define best practices for securing servers and databases and trends compliance to these standards. In addition, the CCS Standards Module provides detailed remediation instructions to correct deviations and integrates with existing change control ticketing systems to ensure that changes are made only after appropriate authorization and with proper oversight.