Symantec checks FISMA compliance

Symantec Corp. officials released software today that makes it easier for federal information technology managers to comply with federally mandated security legislation.

Symantec Enterprise Security Manager for the Federal Information Security Management Act of 2002 is a best-practices policy module that integrates into Symantec ESM, the company's policy compliance software. The software module is based on the system security requirements of FISMA, which are geared to protect government information systems from being compromised by network attacks that exploit improperly configured systems and insufficient security management.

ESM for FISMA offers preconfigured security policies, allowing IT managers to automate tasks that they performed manually, such as making sure systems have the latest security patches and checking the integrity of files, said John Grimm, Symantec's director of industry solutions.

The preconfigured security policies give IT managers a running start, as they audit their environments for FISMA compliance, Grimm said. They can generate the reports needed to show that they are in compliance and set up best practices for discovering and removing vulnerabilities, he added.

The Symantec ESM for FISMA policy module supports multiple operating systems including Microsoft Corp. Windows 2000 and Windows NT, Sun Microsystems Inc. Solaris versions 2.6 through 2.9, IBM Corp. AIX, Hewlett-Packard Co. HP-UX and Red Hat Inc. Linux. The module is available free for Symantec ESM users.