Symantec Control Compliance Suite

Managing IT security, risk and compliance puts an enormous burden on today’s enterprise organizations. Increasingly complex IT infrastructures make it difficult to have proper insight into the overall IT risk and compliance of the company, as well as to control deviations from standards like ISO 27001, PCI DSS or others.

Ask yourself:

  • In the last compliance audit, how much time and effort was needed for providing all the necessary information to the auditors?
  • How do you know that the configuration of your IT infrastructure is still compliant with the applied standards one month after the audit?
  • Do you want to perform all these manual and labor-intensive tasks when the next compliance audit comes?

Gain control of IT risk and compliance

Symantec Control Compliance Suite 11 allows you to better manage all aspects of your organization’s IT risk, while demonstrating compliance with multiple standards at much lower levels of cost and complexity.

Symantec Control Compliance Suite automates the entire risk management and compliance process, including:

  • policy definition
  • controls mapping
  • controls assessment
  • reporting and remediation.

You can take advantage of out-of-the-box regulatory content on multiple industry standards and regulations (such as ISO 27001, PCI DSS, FISMA and HIPAA); automated assessment of technical and procedural controls; dynamic Web-based dashboard reporting; and integration with other Symantec security solutions.

Define policies and controls

Usually, policy definition and management is a complex task requiring deep knowledge of regulations and frameworks which are constantly changing. Control Compliance Suite Policy Manager simplifies this process by allowing you to automatically define and manage policies for multiple government regulations, industry standards, and internal mandates. It automatically maps these policies to control statements for both technical and procedural controls, while deduplicating common controls across multiple mandates to eliminate redundant efforts. Control Compliance Suite Policy Manager includes a database of over 150 customizable sample policies and policy templates covering over 60 regulations, frameworks and best practices. This content is automatically updated on a quarterly basis, eliminating the need for organizations to maintain a center of expertise on policies and best practices. Now you can automate the entire IT policy lifecycle from policy definition and review to approval, distribution, acceptances and exceptions.

Assess technical, procedural and data controls

To evaluate how effective you are in following established policies, you need to evaluate technical, procedural and data controls throughout your organization. Control Compliance Suite 11 simplifies this process. Control Compliance Suite Standards Manager reduces cost and complexity by automating technical control checks for your entire enterprise. It offers best-in-class pre-packaged content with over 2,900 control objectives mapped to over 45 regulations and frameworks. With support for both agent-based and agentless data gathering options, Control Compliance Suite Standards Manager supports flexible control evaluation across

Report on IT risk and compliance

Once you have defined policies and evaluated the effectiveness of your controls, it is critical to understand where you stand and provide the right risk and compliance data to multiple stakeholders within the organization for better visibility and improved decision making. Control Compliance Suite 11 allows you to report on your IT risk and compliance posture across the enterprise, combining data gathered from all assets, data sets, controls and policies in a single console for reporting purposes. Web-based dynamic dashboards allow users to select from multiple panel views and filtering options, build actionable reports and drill down to granular data to discover root causes and isolate problem areas.

Control Compliance Suite 11 also features a centralized evidence system allowing you to automatically collect evidence from disparate sources across the enterprise, map this data to policies and store it all in one central repository. This could include vulnerability assessment data, log files from firewalls or other security devices and applications as well as data from the Symantec data loss prevention solution. Imported data can be formatted to populate dashboards alongside Control Compliance Suite data for better visibility into your overall risk posture while minimizing administrative overhead.

| Technical Check | Standard Section | Number of assets that failed |
|---|---|---|
| Does the system prompt users to change their password before expiration? | 2.2.3 | 3 |
| Is "Inbound connections (Public)" set to Block? | 7.2 | 3 |
| Is built-in Administrator account renamed? | 2.2.3 | 3 |
| Is "Always prompt client for password upon connection" enabled? | 12.3.2 | 1 |
| Is "Firewall state (Public)" set to On? | 1.3.2 | 3 |
| Is "Allow log on locally" restricted? | 2.2.3 | 3 |
| On domain controller machines, is "Log on as a batch job" set to None? | 2.2.3 | 1 |
| On member server machines, is "Bypass traverse checking" set to authorized accounts? | 2.2.3 | 2 |

Top Failed Checks Table

Benefits of a holistic, automated solution

By taking a holistic, automated approach to managing your compliance processes with Symantec Control Compliance Suite 11, you can effectively address three key challenges. To support compliance for multiple mandates, Symantec Control Compliance Suite 11 provides up-to-date content on standards and regulations, then lets you deduplicate common controls to eliminate redundant efforts and deliver the right information to the right people through Web-based, dynamic dashboards. To help you cut the cost of compliance, Control Compliance Suite 11 enables you to automate costly and error-prone manual compliance assessment processes, facilitate more frequent assessments and evaluate all of your operating systems, databases and key applications with one powerful tool that covers the full breadth of your environment. To gain visibility and control over your IT risk posture, the Symantec solution allows you to automatically gather information from multiple sources, identify threats to critical assets and information, prioritize deficiencies based on risk and trigger workflows for rapid remediation.

Symantec Solutions for IT Risk and Compliance

Control Compliance Suite is a modular solution comprising five key components, which are fully interoperable and available separately or as part of the broader suite.

  • Symantec™ Control Compliance Suite Risk Manager conveys the impact of IT risk in business-relevant terms.
  • Symantec™ Control Compliance Suite Policy Manager simplifies policy management with out-of-the-box policy content for multiple mandates, automatically mapped to controls and updated on a quarterly basis.
  • Symantec™ Control Compliance Suite Standards Manager is an industry-leading configuration assessment solution, designed to evaluate if systems are secured, configured, and patched according to standards.
  • Symantec™ Control Compliance Suite Vulnerability Manager performs end-to-end vulnerability assessment of Web applications, databases, servers and network devices, delivering a single view of security threats across your IT infrastructure.
  • Symantec™ Control Compliance Suite Assessment Manager simplifies the evaluation of procedural controls governing employee behavior, by providing automated Web-based questionnaires which can also be used to drive security awareness training.