Security Back to Basics: Managing the Threat (part 3b)

In previous blogs we talked about needing to educate the end users and knowing the details of what activity is occurring on your enterprise’s systems. In part 3, we’re going to talk about Compliance and Endpoint Management. Simply put, Compliance is setting a policy and measuring how well you adhere to it. If a policy is set to only allow passwords longer than 8 characters in your enterprise, Compliance is the measure of how well that policy is enforced. Any deviations or exceptions from the policy are clearly documented and recorded.

So why is Compliance important? A well-developed endpoint security policy ensures that common attacks and threats can be mitigated before they happen. By adhering to that policy, you are protected and secure from attacks without any other controls. There are many examples of compliance guidelines, such as NIST 800-53 and FDCC (Federal Desktop Core Configuration).

SonicWall reaches (EAL4+) certification

This week SonicWall announced that its TZ and NSA product lines have met the latest government certification requirements, having earned the Common Criteria (CC) Evaluation Assurance Level 4+ (EAL4+) certification (ISO 15408). The new EAL4+ certification is an addition to the already achieved FIPS 140-2 Level 2 certification (see article here). As any federal IT engineer will tell you, having the box checked on government requirements for compliance is critical for government acceptance and implementations.