Tool Mentor: SCM - Monitor, Assess, Audit and Report Security
TM023 - How to Use Security Compliance Manager to Monitor, Audit, Assess and Report Security
Tool: IBM Tivoli Security Compliance Manager
Relationships
Main Description

Context

Tool mentors explain how a tool can perform tasks, which are part of ITUP processes and activities. The tasks are listed as Related Elements in the Relationships section.

Details

IBM® Tivoli® Security Compliance Manager is designed to help an organization audit and report on corporate IT security. It provides the ability to flexibly manage and group corporate IT systems (laptops, desktops, servers, and so on), to define corporate security policies in a centralized location, to easily deploy these policies to a multitude of platforms, and to collect a wide variety of compliance information. With these abilities, Tivoli Security Compliance Manager offers extensive audit and reporting capabilities on a wide range of corporate targets while being more cost effective than alternative solutions. The Tivoli Security Compliance Manager architecture is shown in Figure 1.

Figure 1: The architecture of Tivoli Security Compliance Manager includes a single TSCM server and multiple collectors on endpoints

Tivoli Security Compliance Manager provides the capability to easily manage IT assets that require audit and reporting through the use of groups. Any collection of IT assets can be constructed on the Tivoli Security Compliance Manager server as a logical entity referred to in Tivoli Security Compliance Manager as a group. For example, an organization can create a group whose members all run the Windows XP® operating system or a group whose members all belong to a specific regional office. This ability to logically define and associate arbitrary collections of IT assets allows for easy management of these assets for auditing and reporting purposes as well as fine-grained application of security policies to these assets. For example, separate corporate security policies can be created for systems running Windows XP and for systems running in a specific regional office. The management and deployment of these policies are simplified. They can be maintained, updated, and applied independently yet can affect an intersecting set of systems, such as Windows XP systems in that regional office, on a group membership basis. More information on client groups can be found in Tivoli Security Compliance Manager Administration Guide Chapter 5.

Tivoli Security Compliance Manager security policies provide a flexible and powerful mechanism for defining a corporation's security and compliance criteria. Through an association of collectors, collector schedules, and compliance objects, a policy can define fine-grained security and audit requirements and is a key component of the Tivoli Security Compliance Manager auditing and compliance solution. These security policies are created and stored centrally on the Tivoli Security Compliance Manager server and can be easily associated with, and deployed to, specific corporate assets or groups of corporate assets. Because they are stored and managed centrally on the Tivoli Security Compliance Manager server, they can be easily updated as security, compliance, and audit requirements change over time. More information on Tivoli Security Compliance Manager policies can be found in Tivoli Security Compliance Manager Administration Guide Chapter 12.

Each Tivoli Security Compliance Manager client, with the help of modular components called collectors, gathers the information about the system that is required to determine its state of compliance with the defined security policies. Existing collectors can examine and gather the following information from corporate systems:

  • Hardware and software inventory
  • Running services or processes
  • User account settings (password length, age, and so on)
  • System security settings (user, file ACLs)
  • System and application hotfix levels

This list is only a subset of existing Tivoli Security Compliance Manager collectors and is used only to highlight some of the more common functions that are used in security and compliance checking. Tivoli Security Compliance Manager also includes a collector SDK to provide users with the ability to easily develop and deploy new collectors in the case of private, proprietary applications or when system information cannot be gathered by an existing collector. The collector architecture is the powerful piece of the Tivoli Security Compliance Manager solution that provides the capability to easily extend and collect on a wide range of security, compliance, and auditing data on IT assets. More information on Tivoli Security Compliance Manager collectors can be found in Tivoli Security Compliance Manager Administration Guide Chapter 7.

Tivoli Security Compliance Manager employs compliance objects to help determine compliance with a specific security requirement. A compliance object is simply an SQL query that associates a collector with its compliant data values. This mechanism, together with the wide variety of data that collectors can gather, provides the powerful and flexible compliance-checking mechanism in Tivoli Security Compliance Manager.
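The following added example (not IBM's code and not the product's schema) models a compliance object as an SQL condition over collector output and applies it per group through a policy, including a client that belongs to two groups and a client whose collector has not reported. Table, column, group, client, and check names are hypothetical and the data is constructed; Python's sqlite3 module is used only to keep the example self-contained.

```python
import sqlite3

# Hypothetical schema and constructed sample data (not TSCM's real tables).
SCHEMA = """
CREATE TABLE group_members (grp TEXT, client TEXT);
CREATE TABLE account_settings (client TEXT, min_pw_length INTEGER, max_pw_age_days INTEGER);
"""
GROUP_MEMBERS = [
    ("winxp", "lt-001"), ("winxp", "lt-002"), ("winxp", "lt-003"), ("winxp", "ws-010"),
    ("regional-office", "lt-002"), ("regional-office", "srv-100"),
]
# Rows a collector would report; lt-003 has not reported yet.
COLLECTED = [("lt-001", 8, 90), ("lt-002", 8, 90), ("ws-010", 6, 90), ("srv-100", 12, 365)]

# Compliance object: check name -> SQL condition describing the compliant values.
# These are trusted constants, so formatting them into the query is acceptable here.
COMPLIANCE_OBJECTS = {
    "pw_length_min_8": "a.min_pw_length >= 8",
    "pw_length_min_12": "a.min_pw_length >= 12",
    "pw_age_max_90": "a.max_pw_age_days <= 90",
}
# Policy: the compliance objects applied to each group.
POLICIES = {
    "winxp": ["pw_length_min_8"],
    "regional-office": ["pw_length_min_12", "pw_age_max_90"],
}
# LEFT JOIN plus "IS NOT 1" reports clients with missing collector data as
# violations instead of letting them pass silently.
VIOLATION_SQL = """
SELECT g.client FROM group_members g
LEFT JOIN account_settings a ON a.client = g.client
WHERE g.grp = ? AND ({compliant}) IS NOT 1
ORDER BY g.client
"""

def evaluate_policies():
    """Return {(group, check): [violating clients]} for every policy check."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO group_members VALUES (?, ?)", GROUP_MEMBERS)
    db.executemany("INSERT INTO account_settings VALUES (?, ?, ?)", COLLECTED)
    result = {}
    for grp, checks in POLICIES.items():
        for check in checks:
            sql = VIOLATION_SQL.format(compliant=COMPLIANCE_OBJECTS[check])
            result[(grp, check)] = [row[0] for row in db.execute(sql, (grp,))]
    db.close()
    return result
```

Client lt-002 passes the check applied to its operating-system group but fails the stricter one applied to its office group, which is the intersecting-group case described earlier.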

Tivoli Security Compliance Manager, through the use of snapshots and Crystal Enterprise Server, provides a wide variety of reports with the collected compliance and auditing data. The Tivoli Security Compliance Manager server provides basic, non-graphical reports through the use of snapshots, which are Tivoli Security Compliance Manager objects that contain the current state of IT assets as well as the existing security and compliance checks being applied to them. Snapshots provide a direct view of the compliance of systems at a given moment in time. They are the key component in providing auditing and reporting information. When archived, they provide an excellent historic view of the security and compliance of the corporate assets. Snapshots can also be automatically generated and sent on a user-defined schedule for additional usability. Tivoli Security Compliance Manager operational reports are available through Crystal Enterprise Server. The operational reports are enhanced, graphical reports based on generated snapshots. They can provide a more visual, high-level view of managed IT assets. It is also possible to create additional, customized, operational reports in Crystal Enterprise Server with the appropriate development package. More information on Tivoli Security Compliance Manager reports can be found in Tivoli Security Compliance Manager Administration Guide Chapter 11.

Together, the various components of Tivoli Security Compliance Manager and its modular, extensible, and flexible architecture allow easy deployment, update, scan, audit, and reporting of corporate systems. With specific focus on audit and reporting of IT security, the major features of Tivoli Security Compliance Manager can be summarized as follows:

  • Can define and manage corporate security policies in a central location, reducing cost of maintenance and updates while enhancing ease of management.
  • Can manage and define relationships of corporate systems through the use of groups, reducing cost of maintenance and updates while enhancing ease of management.
  • Can easily distribute and update corporate security policies, reducing the cost of, and increasing the ease of, updates to corporate systems.
  • Can easily audit corporate systems for compliance on a wide range of objects through the use of collectors. This capability provides an auditing system that is powerful, extensible, and useful over time with high investment value.
  • Provides extensive and extensible reporting capability.
  • With the new announcement of the IGS Vulnerability Index (http://www-1.ibm.com/services/us/index.wss/so/bcrs/a1008776), a corporate security, compliance audit and reporting solution with Tivoli Security Compliance Manager is now enhanced with daily security updates, advisories, and management solutions.

For More Information

For more information about this tool, click on the link for this tool at the top of this page.