VMware is pleased to announce the availability of automated compliance assessment toolkit for Criminal Justice Information Services (CJIS) security policy in VMware vRealize Configuration Manager (VCM). The toolkit aligns with CJIS Security Policy version 5.3 and maps to 92 checks on various MS-Windows flavors. Using the toolkit on VCM, various law enforcement agencies such as state, local, federal, and international partners, can quickly assess Windows configuration and compare with CJIS Security Policy requirements. Additionally, you can remediate the infringements with an effort of a few clicks. Get the product sheet!
The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of CJI, whether at rest or in transit. The CJIS Security Policy provides guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI. This Policy applies to every individual—contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity—with access to, or who operate in support of, criminal justice services and information.
The compliance toolkit addresses below CJIS security policy areas:
|Policy Area 4||Auditing and Accountability|
|5.4.1||Auditable Events and Content (Information Systems)|
|5.4.5||Protection of Audit Information|
|Policy Area 5||Access Control|
|220.127.116.11||System Access Control|
|18.104.22.168||Access Control Criteria|
|5.5.3||Unsuccessful Login Attempts|
|5.5.4||System Use Notification|
|Policy Area 6||Identification and Authentication|
|5.6.1||Identification Policy and Procedures|
|Policy Area 7||Configuration Management|
|Policy Area 10||Systems and Communications Protection and Information Integrity|
|22.214.171.124||Intrusion Detection Tools and Techniques|
|126.96.36.199||Spam and Spyware Protection|
These policy areas are mapped to various Windows configuration checks. The automated toolkit makes it easy to run the assessments against the large set of systems and give comprehensive status.
You can quickly navigate to detailed results panel where you can sort and group the results the way you like it and take necessary actions on them – remediate, add exception, create report and various others.
VMware vRealize Configuration Manager is not limited to just CJIS compliance. This solution supports configuration and compliance assessment of your Docker containers, *NIX, Windows and Virtualized environments along with patching, change management and various other asset management and reporting capabilities. It also support other regulatory and industry accepted security benchmarks and guidelines such as HIPAA, DISA, PCI DSS 3.1, CIS, IRS, SOX, etc. If you have any questions about this solution, please post them in VCM community.
Thanks and regards,
Pravin Goyal, CISSP | CUA | TOGAF | CCSK | CWSP
RHCE | HP-UX CSA | VCP4-DCV | MBA | GISP | CloudU | CompTIA CE | ITIL-F | ITSM-F | CWNA | Mobility+ | VSP 2015