Context
Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.
You can see the details of how processes and activities are supported by this tool mentor by clicking the links next to the icons:
Details
IBM® Tivoli® Security Compliance Manager is designed to help an organization audit and report on corporate IT security.
It provides the ability to flexibly manage and group corporate IT systems (laptops, desktops, servers, and so on), to
define corporate security policies in a centralized location, to easily deploy these policies to a multitude of
platforms, and to collect a wide variety of compliance information. With these capabilities, Tivoli Security
Compliance Manager offers extensive audit and reporting capabilities on a wide range of corporate targets while being
more cost-effective than alternative solutions. The Tivoli Security Compliance Manager architecture is shown in the
picture below.
Figure 1: The architecture of Tivoli Security Compliance Manager includes a single TSCM server and multiple collectors
on endpoints
Tivoli Security Compliance Manager provides the capability to easily manage IT assets that require audit and reporting
through the use of groups. Any collection of IT assets can be constructed on the Tivoli Security Compliance Manager
server as a logical entity referred to in Tivoli Security Compliance Manager as a group. For example, an organization
can create a group whose members all run the Windows XP® operating system or a group whose members all belong to a
specific regional office. This ability to logically define and associate arbitrary collections of IT assets allows for
easy management of these assets for auditing and reporting purposes as well as fine-grained application of security
policies to these assets. For example, separate corporate security policies can be created for systems running Windows
XP and for systems running in a specific regional office. The management and deployment of these policies are
simplified. They can be maintained, updated, and applied independently yet can affect an intersecting set of systems,
such as Windows XP systems in that regional office, on a group membership basis. More information on client groups can
be found in Tivoli Security Compliance Manager Administration Guide Chapter 5.
Tivoli Security Compliance Manager security policies provide a flexible and powerful mechanism for definition of a
corporation's security and compliance criteria. Through an association of collectors, collector schedules and
compliance objects, a policy can define fine-grained security and audit requirements and is a key component of the
Tivoli Security Compliance Manager auditing and compliance solution. These security policies are created and stored
centrally on the Tivoli Security Compliance Manager server and can be easily associated with, and deployed to,
specific corporate assets or groups of assets. As they are stored and managed centrally on the Tivoli Security
Compliance Manager server, they can be easily updated as security, compliance and audit requirements change over time.
More information on Tivoli Security Compliance Manager policies can be found in Tivoli
Security Compliance Manager Administration Guide Chapter 12.
Each Tivoli Security Compliance Manager client, with the help of modular components called collectors, gathers
information on the system that is required to determine the state of compliance of the system with the defined security
policies. Existing collectors can examine and gather the following information from corporate systems:
- Hardware and software inventory
- Running services or processes
- User account settings (password length, age, and so on)
- System security settings (user, file ACLs)
- System and application hotfix levels
This list is only a subset of existing Tivoli Security Compliance Manager collectors and is used only to highlight some
of the more common functions that are used in security and compliance checking. Tivoli Security Compliance Manager also
includes a collector SDK to provide users with the ability to easily develop and deploy new collectors in the case of
private, proprietary applications or when system information cannot be gathered by an existing collector. The collector
architecture is the powerful piece of the Tivoli Security Compliance Manager solution that provides the capability to
easily extend and collect on a wide range of security, compliance, and auditing data on IT assets. More information on
Tivoli Security Compliance Manager collectors can be found in Tivoli
Security Compliance Manager Administration Guide Chapter 7.
Tivoli Security Compliance Manager employs compliance objects to help determine compliance with a specific security
requirement. A compliance object is simply an SQL query that associates a collector with its compliant data values.
This mechanism, together with the wide variety of data that collectors can gather, provides the powerful and flexible
compliance-checking mechanism that is in Tivoli Security Compliance Manager.
Tivoli Security Compliance Manager, through the use of snapshots and Crystal Enterprise Server, provides a wide variety
of reports with the collected compliance and auditing data. The Tivoli Security Compliance Manager server provides
basic, non-graphical reports through the use of snapshots, which are Tivoli Security Compliance Manager objects that
contain the current state of IT assets as well as the existing security and compliance checks being applied to them. Snapshots
provide a direct view of the compliance of systems at a given moment in time. They are the key component in providing
auditing and reporting information. When archived, they provide an excellent historic view of the security and
compliance of the corporate assets. Snapshots can also be automatically generated and sent on a user-defined schedule
for additional usability. Tivoli Security Compliance Manager operational reports are available through Crystal
Enterprise Server. The operational reports are enhanced, graphical reports based on generated snapshots. They can
provide a more visual, high-level view of managed IT assets. It is also possible to create additional, customized,
operational reports in Crystal Enterprise Server with the appropriate development package. More information on Tivoli
Security Compliance Manager reports can be found in Tivoli
Security Compliance Manager Administration Guide Chapter 11.
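The following sketch models how groups, policies, compliance objects and snapshots fit together as described above. It is an added example, not IBM code: the table names, policy names and sample rows are hypothetical and constructed for illustration, and do not reflect the actual Tivoli Security Compliance Manager database schema. It also shows one design choice an auditor would want: a client that has returned no collector data is reported as such rather than counted as compliant.

```python
import sqlite3

def build_db():
    """Constructed sample data in a hypothetical schema (not TSCM's)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE group_member (grp TEXT, client TEXT);
        CREATE TABLE coll_password (client TEXT, min_length INT, max_age_days INT);
    """)
    db.executemany("INSERT INTO group_member VALUES (?, ?)", [
        ("winxp", "pc-01"), ("winxp", "pc-02"), ("winxp", "pc-03"),
        ("office-east", "pc-02"), ("office-east", "srv-01"),
    ])
    # pc-03 is a group member whose collector has not reported yet.
    db.executemany("INSERT INTO coll_password VALUES (?, ?, ?)", [
        ("pc-01", 8, 90), ("pc-02", 6, 120), ("srv-01", 12, 60),
    ])
    return db

# A compliance object modelled as a SQL query returning the violating clients.
COMPLIANCE_OBJECTS = {
    "pw-min-length": "SELECT client FROM coll_password WHERE min_length < 8",
    "pw-max-age": "SELECT client FROM coll_password WHERE max_age_days > 90",
}

# A policy ties a group to the compliance objects applied to its members.
POLICIES = {
    "winxp-baseline": ("winxp", ["pw-min-length"]),
    "east-office": ("office-east", ["pw-min-length", "pw-max-age"]),
}

def snapshot(db):
    """Return {(policy, client): [failed checks]} for every group member."""
    reported = {r[0] for r in db.execute("SELECT client FROM coll_password")}
    result = {}
    for policy, (grp, checks) in POLICIES.items():
        members = [r[0] for r in db.execute(
            "SELECT client FROM group_member WHERE grp = ? ORDER BY client", (grp,))]
        for client in members:
            if client not in reported:
                # Missing collector data is flagged, never counted as a pass.
                result[(policy, client)] = ["no-collector-data"]
                continue
            result[(policy, client)] = [
                name for name in checks
                if (client,) in db.execute(COMPLIANCE_OBJECTS[name]).fetchall()
            ]
    return result
```

In this constructed data set, pc-02 belongs to both groups, so it is evaluated independently under each policy, which mirrors the intersecting group membership described earlier.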
Together, the various components of Tivoli Security Compliance Manager and its modular, extensible, and flexible
architecture allow easy deployment, update, scan, audit, and reporting of corporate systems. With specific focus on
audit and reporting of IT security, the major features of Tivoli Security Compliance Manager can be summarized as
follows:
- Can define and manage corporate security policies in a central location, reducing cost of maintenance and updates
  while enhancing ease of management.
- Can manage and define relationships of corporate systems through the use of groups, reducing cost of maintenance
  and updates while enhancing ease of management.
- Can easily distribute and update corporate security policies, reducing the cost of, and increasing the ease of,
  updates to corporate systems.
- Can easily audit corporate systems for compliance on a wide range of objects through the use of collectors. This
  capability provides an auditing system that is powerful, extensible, and useful over time with high investment
  value.
- Provides extensive and extensible reporting capability.
- With the new announcement of the IGS Vulnerability Index (http://www-1.ibm.com/services/us/index.wss/so/bcrs/a1008776), a corporate security, compliance
  audit and reporting solution with Tivoli Security Compliance Manager is now enhanced with daily security updates,
  advisories, and management solutions.
For More Information
For more information about this tool, click on the link for this tool at the top of this page.