

A comprehensive security policy should be considered the first step in improving a business' overall security posture. Because IT professionals often have difficulty translating policy statements into actual system configurations, PoliVec Builder automatically generates implementation standards with specific configuration steps, preventing vulnerabilities caused by system misconfiguration.
PoliVec Builder:
- Automates security policy development to help organizations build a comprehensive security policy.
- Generates operating system-specific implementation standards that are compliant with the corporate security policy for Unix, Linux, and Windows.
- Provides four policy templates, including a general "best practice" template for enterprises, two templates for banks and credit unions to help them comply with the privacy provisions of the Gramm-Leach-Bliley Act, and a Health Insurance Portability and Accountability Act (HIPAA)-compliant template for the healthcare industry.
PoliVec Builder is based on three major components:
Configuration
Configuration customizes the policy and implementation standards for your specific company needs. The configuration screen includes several customizable text boxes such as Policy Name and Description. In addition, the Organizational Attributes section allows you to define global values that will be used throughout your policy document.
Categories
Categories allows you to choose categories and subcategories for inclusion in your document. In addition, the categories screen includes descriptions of each category, a Rationale section displaying an explanation of a selected policy statement, and an example of the selected policy category.
Settings
Settings allows you to accept a "best practice" recommendation for each policy statement or override the value to one that is more applicable to your needs. The settings screen includes three distinct sections:
- The Categories section displays a list of all categories you selected on the categories screen.
- The Parameters section displays policy statements that may have editable values, which you can tailor to your company's needs.
- The Rationale/Warning box at the bottom of the settings screen displays an explanation of a selected statement. It also displays a warning when you choose to delete a statement from your policy.
Building Security Documents
When statements and settings are complete, the document builder produces customized security policy documents. Policy documents and implementation standards can be saved as Adobe Acrobat (.pdf) and HTML (.htm) files. The saved HTML file can be used with several editors, including Microsoft Word.
Implementation Standards: Applying the Policy
Once the policy document is built, users can create implementation standards for specific operating systems. The implementation standards provide guidance to the IT staff by translating the security policy into operating system-specific configuration guidelines.
Implementation standards may be exported to PoliVec Scanner, our Windows NT/2000 security automation tool, and PoliVec Enforcer, our real-time monitoring and enforcement tool. PoliVec Builder supports a number of security implementation standards such as Windows NT 4.0, Windows 2000, Windows XP, Solaris, HP-UX, AIX, Linux, and Novell Netware.