Vanguard Integrity Professionals, a provider of enterprise security software for mainframes, has announced the general availability of Vanguard Configuration Manager, new software that aims to reduce the cost and time required to test mainframe systems for compliance with the Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs). According to Vanguard, its new configuration management software is the only fully automated baseline configuration scanner for mainframe DISA STIGs today.
More than 100 federal agencies rely on mainframes in their major data centers. Some are directly managed by the agencies and others are managed by outsourced service providers, states Vanguard, which notes that under the Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) guidance, US government agencies and contractors with mainframe systems should check that their systems comply with the security configuration controls in the DISA STIGs.
Until this summer, while there were configuration control standards for other platforms, there was no set of configuration control standards for the mainframe with which federal agencies and outsourcers had to comply, Steven Ringelberg, chief operating officer of Vanguard, tells 5 Minute Briefing. Part of the difficulty is that most government entities and federal outsourcers aren't used to doing this reporting, he explains. "They haven't read these STIGs before, they haven't used them before, and the other thing is that the mainframe compared to any other platform is a really big beast. It's a very complicated and really large system."
Configuring a mainframe to comply with the configuration controls in the DISA STIGs can be complex, and testing that the mainframe is properly configured can be very time-consuming and sometimes difficult to do. There are about 320 checks that must be done in accordance with DISA STIGs, and for some of those checks you actually have to check hundreds of thousands of control points, he notes. Doing that manually often leads to what he calls the "Mackinac Bridge syndrome," with the task so huge that before you can finish, it is time to start again.
Vanguard has automated the DISA STIG compliance reporting process and built intelligence about the DISA STIG checks right into its product. "Having an automated tool reduces the amount of time it takes and also, based on our out-in-the-field comparisons, reduces the error rates significantly." According to Vanguard, beta testers of Vanguard Configuration Manager estimate that it will save thousands of hours and hundreds of thousands of dollars each year.
For more information about Vanguard Configuration Manager, FISMA requirements, NIST standards and guidance, and the DISA STIG, go here.