How automation takes the time and guesswork out of security compliance

INDUSTRY INSIGHT

By Brandon Shopp

Aug 20, 2021

As this fiscal year wraps up, many agencies are planning their response to compliance reporting requirements. Meeting these requirements -- particularly in advance of an audit -- can be incredibly time-consuming. While the Defense Department has made managing risk easier through Security Technical Implementation Guides (STIGs), it’s still dependent upon IT staff to help ensure their systems are continuously secure and compliant -- throughout the year, not just at a point in time.


    Government IT systems are complex, budgets are limited and threats are constantly evolving. Ensuring that those systems have the right security controls, processes and documentation in place to demonstrate compliance with security standards can be challenging, but the effort is highly manageable, especially with automation. Let’s consider how government IT professionals can use automation to take the time and guesswork out of compliance.


    The problem with STIGs

    A STIG is a set of security hardening standards and maintenance processes for networks, systems and platforms that all DOD IT assets must comply with. There are hundreds of possible STIGs -- each with thousands of rules that must be followed -- and the number only continues to rise as new systems, versions and updates come online.


    Monitoring server and network configurations against these compliance policies can be cumbersome. Even with the best change-control processes, it requires an army of people to manage and track all the configuration changes happening within the IT infrastructure. If a system has a particular STIG applied to it and happens to deviate from that ..