Vanguard Configuration Manager significantly reduces the cost and time required for government agencies and contractors to test and assess their compliance with the NIST SCCP STIGs for System z and RACF, the minimum configuration controls required for these systems. The new release automatically scans for compliance with versions 6.4, 6.5 and 6.6 of the NIST SCCP z/OS STIG checklists, which are based on the DISA STIGs for z/OS and RACF. Vanguard Configuration Manager also enables the Department of Defense and its outsourcers to comply with section 931 of the National Defense Authorization Act of 2011, which requires, "Continuous monitoring of Department of Defense information systems for cybersecurity."
Organizations that have deployed Vanguard Configuration Manager are saving thousands of hours each year when performing quarterly assessments of System z in accordance with NIST SCCP requirements. Those that implement continuous monitoring will save tens or hundreds of thousands of hours each year by deploying Vanguard Configuration Manager.
Continuous monitoring is one of six steps in the Risk Management Framework described in NIST Special Publication 800-37, Revision 1. In the report, NIST states, "A critical aspect of managing risk to information from the operation and use of information systems involves the continuous monitoring of the security controls employed within or inherited by the system."
"Without Vanguard Configuration Manager, it is extremely difficult for government agencies and contractors to assess and report quarterly on their compliance with configuration control requirements," Ringelberg continued. "And, without an automated tool like Vanguard Configuration Manager, it is impossible for them to move to continuous monitoring of System z security configuration controls, which is the most effective way for organizations to identify security vulnerabilities."
The United States
About Vanguard Integrity Professionals
the United States the United States
SOURCE Vanguard Integrity Professionals