The Industry Challenge
Federal and commercial organizations face significant regulatory compliance requirements, and penalties when governance of enterprise IT is overlooked.
BMC Software’s TrueSight Automation for Servers delivers a strong foundation for compliance management. However, application compliance remains a critical gap in addressing this challenge.
Enterprises are often caught in the perpetual cycle of:
- Time-consuming manual evaluation of controls.
- Lack of consistency and human error when evaluating and auditing.
- Manpower-intensive activities, even when evaluating only a few controls against thousands of systems.
While TrueSight Automation for Servers (TAS) provides a fabulous automated mechanism to evaluate a large environment against technology controls, the reality is:
- Creating complex Application Component Templates is time-consuming.
- Translating controls from a regulatory body such as DISA into TAS rules is tedious and complex.
- Determining how to perform data retrieval from technology components (e.g. databases) is a non-trivial process.
- Normalizing unstructured data from technology components can be cumbersome and laborious.
- Creating evaluations (rules) is tedious and can be error-prone without best practices.
- Performing constant manual evaluations against IT is labor intensive and inconsistent.
The Perfect Solution – ZipKits
Accelerate your Compliance
- Drive strong governance of application compliance through pre-built regulatory compliance packages.
- Pre-validated and tested data retrieval mechanisms for each technology component.
- Normalization of unstructured data is built in to facilitate evaluation.
- Evaluation methodology for each rule leveraging years of BMC best practices.
Automation = Repeatability
- Minimize labor-intensive manual checks against your infrastructure.
- Scale compliance checks against hundreds of thousands of assets.
- Consistently evaluate controls against existing and new applications.
Reusable and Scalable
- Leverage existing TrueSight Automation for Servers (BladeLogic) investment.
- Increase the utilization and value of your automation initiatives.
- Turn-key subscription model provides updates and support.
Availability and Approach
Each ZipKit is organized based on the following structure:
- Regulatory Body – the organization responsible for this regulation. We currently support:
  - Defense Information Systems Agency (DISA)
  - Center for Internet Security (CIS)
  - Payment Card Industry – Security Standards Council (PCI SSC)
  - Health Information Portability and Accountability Act (HIPAA)
- Technology Component – the pertinent technology under regulatory control. For example:
  - IIS Server
  - Microsoft SQL
  - Apache Tomcat
- Domain – the scope within a technology:
The combination of Regulatory Body, Technology Component, and Domain represents a ZipKit offered by VVL Systems.
Pricing and License Structure
Each ZipKit is priced as a 1-year subscription, which includes:
- Access to the licensed ZipKit.
- 8×5 business hours (Monday – Friday) email and phone support from VVL BMC experts.
- Unlimited access to ZipKit updates and releases during the license term.
- 2 days of technical enablement designed to help customers with “Last Mile” integration into their technology stack.
How to Buy
Alternatively, you can buy from BMC through your existing BMC Sales Representative, as this solution is available through the BMC MarketZone program. More information on the MarketZone offering is available at BMC Marketplace.