Tripwire has introduced a new version of Tripwire® Configuration Compliance ManagerTM (CCM) – Tripwire CCM Express - designed to simplify compliance audits for mid-sized organizations and stand alone divisions of larger organizations. “Enforcing and demonstrating compliance with regulations is a critical security requirement in today’s business environment, and it can be especially challenging for smaller organizations because they have fewer resources,” said Dwayne Melancon, chief technology officer and vice president of research and development. “Tripwire CCM Express makes it simple for organizations of every size to prepare for an audit very quickly and demonstrate compliance across the entire organization within hours.”
Tripwire CCM Express can be deployed quickly, lowering the cost of compliance and accelerating security visibility. It delivers easy-to-use, audit-ready reports that provide immediate, organization-wide visibility into the compliance status of all monitored systems, and can quickly identify compliance issues before they present a serious audit or security problem.
There were over 40,000 updates to global compliance standards in 2015 – a number that is expected to continue to grow aggressively. Organizations of every size struggle to keep up with diverse, overlapping state, federal and international regulations, but this challenge is even more difficult for mid-enterprise organizations that often have fewer resources and limited staff. The 2015 Verizon PCI Compliance report indicates that only one in five companies demonstrated that they were able to sustain compliance between audit cycles. Smaller businesses may be faced with fines up to $50,000 for non-compliance with PCI DSS. Tripwire CCM Express does not require any agent software to be deployed on endpoints and it is complementary to Tripwire Enterprise, the firm’s agent-based configuration and compliance management solution. The comprehensive coverage provided by Tripwire CCM Express is identical to the policy library supporting Tripwire Enterprise, the industry’s most trusted security configuration and compliance management product. Together these solutions deliver comprehensive security configuration management, compliance management and auditing for organizations of every size. Both solutions include a rich library of policies based on standards and benchmarks from NIST, CIS, DISA and Microsoft, as well as policies for specific regulations, including: - North American Electric Reliability Corporation standards (NERC).
- Payment Card Industry Data Security Standard (PCI DSS).
- Federal Information Security Modernization Act (FISMA).
- Health Insurance Portability and Accountability Act (HIPAA).
- United States Government Configuration Baseline (USGCB).