1. /
  2. Products & Solutions/
  3. Products/
  4. Control Compliance Suite

Symantec Control Compliance Suite

Enable Risk-prioritized Data Center Security Operations and Compliance

Control Compliance Suite delivers business-aware security and risk visibility so that customers are effectively able to align priorities across security, IT operations, and compliance. It automates continuous assessments and delivers a unified view of security controls and vulnerabilities. With Control Compliance Suite, customers are able to harden the data center, prioritize security remediation, enable the secure migration to the software-defined data center, and support continuous assessments for Cyber Security and Continuous Monitoring.

New Features

Control Compliance Suite Standards Manager offers enhanced capabilities for ensuring security and compliance across physical and virtual data centers:
  • New patented Lighstpeed discovery algorithm offers a less-intrusive and nonauthenticated approach for asset discovery across networks and hosts.
  • SCAP 1.2 and OVAL 5.10 support for continuous monitoring.
  • Support for ISO 27001-2013.
  • Support for NIST Cybersecurity Framework in SCU 2014-1.
  • Support PCI DSS v3.0 in SCU 2014-1.
  • Updated platform support for UBUNTU, Windows 2012 R2 & SQL 2012.
Control Compliance Suite Vendor Risk Manager enables you manage the risks posed by your third party business process services, application developers, and cloud service providers by automating security and compliance assessments:
  • Create and evaluate vendors based on tiers as defined by their importance or potential risk to the organization.
  • Additional software security and fourth-party risk questions for analyzing vendor security controls throughout your information value chain.
  • Auto-calculate vendor risk scores based on multiple evidence sources, and enhance risk scoring by enabling risk weighting by risk areas.
  • OCIL 2.0 support.
  • Integrate directly with Veracode to automate third-party application scanning of application developers and cloud service providers.
  • Application providers are able to upload scan results directly from Veracode via the Symantec Control Compliance Suite Vendor Risk Manager Relationship Gateway.
  • Enable variable scoping, thus allowing the customer to scope/add multiple vendors, software, and service solutions into a single relationship assessment.

Key Features

Symantec Control Compliance Suite (CCS) is a modular, highly scalable, and comprehensive solution for automating security and compliance assessments across the physical and virtual data centers, and across public clouds. Each of the seven Control Compliance Suite Modules is available independently or as part of a broader suite. The Control Compliance Suite Control Studio and Infrastructure combines evidence from the multiple modules as well as third party systems, and maps assets and evidence to control statements, standards, and policies and regulations to enable mandate-based reporting and risk assessments. Role-based, customizable Web-based dashboards, and reports enable the organization to measure risk and track the performance of its security and compliance programs. Workflow integration with remediation ticketing systems enable organizations to align security operations with compliance and risk management operations, prioritize risk mitigation and remediation activities, and optimize security and IT operations.
  • Symantec™ Control Compliance Suite Policy Manager automates policy definition and policy life cycle management with out-of-the-box policy content for multiple mandates, automatically maps assets to controls, standards and regulatory mandates, identifies common controls to enable “assess once and report to multiple mandates”, and delivers content and technical standards updates on a quarterly basis.
  • Symantec™ Control Compliance Suite Risk Manager aligns security and compliance operations with business priorities by defining risks according to business thresholds, mapping risks to assets, controls and owners, calculating risk scores. This information can be used to prioritize resource allocation, enable alignment of security operations with compliance, and prioritize risk mitigation and remediation. Customers also utilize Risk Manager to measure and track the performance of its compliance and risk reduction programs.
  • Symantec™ Control Compliance Suite Standards Manager is a leading asset discovery and configuration assessment solution. The solution is employed to harden the physical and virtual infrastructure, detect configuration drifts, and evaluate if systems are secured, configured, and patched according to standards for security operations and compliance reporting.
  • Symantec™ Control Compliance Suite Vulnerability Manager performs end-to-end vulnerability assessment of Web applications, databases, servers, and network devices, delivering a single view of security threats and vulnerabilities across the physical and virtual infrastructure.
  • Symantec™ Control Compliance Suite Virtualization Security Manager enables role-based separation of duties and access within the virtual infrastructure; monitors and reports on the activities of privileged users within the virtual environment, and assesses for compliance to privileged user virtualization security policies.
  • Symantec™ Control Compliance Suite Assessment Manager automates the assessment of procedural controls governing employee behavior. Assessment Manager offers out of the box, comprehensive coverage for 100+ regulations, frameworks & best practices that are translated into questionnaires to assess the effectiveness of procedural controls. These questionnaires can also be used to evaluate overall employee security awareness and to support security awareness training.
  • Symantec™ Control Compliance Suite Vendor Risk Manager enables the continuous assessment and security of your information supply chain including third- and fourth- party business process services, application developers, and IT infrastructure and cloud service providers. Vendor Risk Manager facilitates the secure onboarding and offboarding off critical suppliers, and the program management of supplier-related data breach incident response and risk remediation and reduction efforts.

Key Benefits

In addition to the benefits that each individual Control Compliance Suite component provides, the broader suite delivers the following key benefits:
  • Automate the assessment of security controls.
  • “Test-once and report to many” thus enabling unified mandate-based reporting and risk analysis of the security and compliance posture.
  • Align security operations with compliance by prioritizing remediation actions according to the calculated risk posture of assets, processes, and workloads.
  • Harden and protect the physical and virtual infrastructure.
  • Support continuous monitoring programs.
  • Manage security and compliance in the data center including public cloud.
  • Continuously measure and monitor the effectiveness of security and compliance programs over time.
  • Support risk-aware and compliant migration into virtualized and software-defined infrastructure environments.
To learn about the benefits of each component, view the data sheets.