12/05/2006

Secure Elements, Inc., a specialist in IT compliance and vulnerability management solutions, today announced that it has contributed the industry's first standards-based XML content for evaluating Microsoft Windows Vista compliance with Microsoft's Windows Vista Security Guide, and was released to the public by NIST for review in conjunction with the launch of Microsoft Windows Vista on November 30th, 2006.

ebizQ received the following details:

"Now the industry has a common language for defining and assessing IT controls, as well as an open source of validated content that auditors and information assurance professionals can rely on, said Scott Armstrong, Vice President of Marketing and Alliances for Secure Elements. We believe that the success of this program will not only help federal agencies, but also private sector industries to achieve cost effective programs for automating IT compliance assessment and remediation activities."

The Security Content Automation Program provides a free public repository of validated XML content for automating technical control compliance activities, vulnerability checking (both application mis-configurations and software flaws), and security measurement. This content represents best practices, encoded in machine readable XML formats, for the evaluation of systems configurations for regulatory compliance.

The IT controls being evaluated are uniquely defined, with granular line item references to guidance and directives from ISO 17799, NIST, DoD, GAO, and DCI. These IT controls represent the broad spectrum of best practices from which Information Assurance practitioners derive their own corporate policies for security and regulatory compliance with SOX, HIPAA, NERC, GLBA, and others.

"Interpreting Security Guidelines and preparing for enterprise roll-outs of a new operating system can be an overwhelming task for an enterprise, said Scott Carpenter, Director of Security Labs for Secure Elements. By leveraging solutions for automating the assessment of the security configurations, when adapted for their enterprise environment, helps eliminate the risk and cost of this type of operating system roll-out."

Secure Elements solution, C5 Enterprise Vulnerability Management (C5 EVM), is the only product that natively supports XML standards (OVAL 5.0 and XCCDF) for compliance and vulnerability management. With support from the National Institute of Standards and Technology, these standards provide the IT industry the basis for security compliance benchmarks and assessments.