BigFix Security Configuration Management Libraries Lock on to Compliance Goals

  EMERYVILLE, CA, May 20 (MARKET WIRE) -- 
 BigFix, Inc., a leader in real-time IT security and management solutions
for the distributed enterprise, has reached an important milestone in its
drive to revolutionize system configuration compliance processes through
customer and partner availability of BigFix Security Configuration Management
ComplianceControls (SCMCC). The offering consists of a library of pre-packaged
configuration
audit settings and reporting content designed to provide configuration change
detection, reconciliation against desired security policies, and remediation of
out-of-compliance policies on supported platforms. The BigFix SCMCC solution
operates through the BigFix Discovery 7 technology platform and targets common
industry best practices and regulatory compliance standards, such as the
Standard Technical Implementation Guides (STIG) development by the Defense
Information System Agency (DISA).

    See, Assess, Enforce, Comply

    The SCMCC offering focuses BigFix real-time visibility and control to
support IT regulatory compliance initiatives and security configuration
standards at
scale in heterogeneous environments. Driven by audit and regulatory
compliance needs, IT organizations and CIOs in the vast majority of public and
private organizations lack clear visibility or automated control over compliance
audit and reconciliation of IT infrastructures that can consist of
1000s-to-100,000s of distributed PC, laptop, handheld, and server computers.
The SCMCC configuration audit libraries when distributed, enforced, and reported
through the BigFix technology platform, will change the compliance process from
"push, pray, and probe" to see, assess, enforce, and monitor IT compliance
policies in real-time.

    "The biggest problem that organizations face when defining their
complianceobjectives is visibility. It's simple. You can't prove that you comply
withsomething if you have no visibility into it," said Jim Hansen, senior
product
manager for BigFix. "In our view, compliance and effective IT infrastructure
management should be synonymous. The SCMCC configuration audit libraries are a
big step
in changing compliance from a cost of doing business to an engine for higher
levels of IT effectiveness and value generation."

    "Adding BigFix to the mix will take a big bite out of the complexity and
administrative overhead of implementing and maintaining compliance with
keygovernment and industry standards," said Chris Knotts, director of federal
solutions for Force 3, Inc., a leading solutions integrator focused on the
federal government market. "DISA STIG and FDCC are an excellent place to
start the SCMCC initiative, as these standards are at the top of the list for
security best practices compliance throughout the federal government."

    Real-Time Visibility and Control for Technical Controls Compliance

    BigFix SCMCC leverages the BigFix Discovery 7 platform to bring massive
scalability, real-time visibility, and continuous control across distributed
desktop, mobile, and server endpoint computers subject to regulatory
compliance initiatives. SCMCC consists of a BigFix-developed Library of Common
Technical
Configuration Policies that map to industry or customer-specific technical
control standards on widely-distributed desktop, mobile, and server computers.
The BigFix
Discovery 7 platform provides a consolidated visibility and control fabric to
distribute, apply, and report compliance with a customer's specific policy set.
The BigFix Compliance Controls libraries run today on Windows and UNIX
(including Sun Solaris) platforms, with Linux support currently under testing
and qualification.

    The DISA STIG initiative represents the first set of configuration standards
addressed
by BigFix SCMCC. Developed by DISA in response to the Department of Defense
Directive (DODD) 8500.1, the STIG guidelines are required procedure at DoD
agencies, and have been widely adopted by other federal, state, and local
government agencies, and private sector organizations throughout the world.
Using the SCMCC libraries, the BigFix technology platform's heterogeneous
infrastructure management abilities will enable customers to apply DISA STIG
policies to widely used platforms such as Microsoft Windows 2003 and Sun Solaris
through the BigFix single agent, single infrastructure real-time visibility and
control infrastructure.

    In addition to the base set of configuration audit controls, BigFix has also
announced today that it has engaged DOMUS IT Security Laboratory to perform
Security Content Automation Protocol (SCAP) compliance validation of its Federal
Desktop Core Configuration (FDCC) Scanner for the BigFix Discovery 7 platform on
Windows XP and Windows Vista. The validation will also include coverage for
the Authenticated Configuration Scanner, Authenticated Vulnerability and Patch
Scanner, Patch Remediation, Asset Scanner, and Asset Database. These solutions,
combined with the FDCC Scanner SCAP validation, will enable federal agencies
to thoroughly and accurately report on system configurations and security
posture as mandated by the OMB. This validation demonstrates BigFix's commitment
to support strategic government initiatives such as SCAP and other standards
from
organizations such as DISA and NIST.

    About BigFix

    BigFix(R), Inc. offers the only real-time converged PC and server
lifecycleconfiguration and endpoint protection framework that enables
organizations to see,
change, and enforce IT policies in real-time at global scale. Designed for
highly distributed and complex IT infrastructures, BigFix delivers real-time
endpoint visibility and control through its single-agent/single console,
multi-function, on-demand architecture. Its award-winning technology is
proven in production in top-ranked Wall Street financial firms; leading
retailers; healthcare delivery organizations; national, state/provincial and
local
governments; and educational institutions. For more information visit
www.bigfix.com.

    Copyright 2008 BigFix, Inc. All rights reserved. All company and product
namesmentioned herein may be trademarks of their respective companies.

    

Press contact:
Rosemary Miller
Citigate Cunningham for BigFix, Inc.
415-618-8720
Email Contact

Copyright 2008, Market Wire, All rights reserved.

-0-