Endpoint management and security software from Lumension can help organizations faced with various regulations such as US State data protection or breach notification laws like MA CMR 17.00, US Federal rules and regulations like FISMA, HIPAA / HITECH, Red Flags Rule and SOX / GLBA, industry standards like PCI and NERC, and best practices frameworks such as COBIT and ISO27002. The Lumension® Endpoint Management and Security Suite provides a layered defense-in-depth approach to security, ensuring a trusted endpoint environment with capabilities such as patch and remediation, configuration management, application control, device control, disk encryption and more.
Here are a few of the rules and regulations with which Lumension can help:
The Standards for the Protection of Personal Information of Residents of the Commonwealth of Massachusetts require businesses which own, license, store or maintain personal information about a resident of the Commonwealth to follow comprehensive information security requirements. The goal is to safeguard personal information contained in both paper and electronic records. Any and all organizations with operations and/or customers in the state of Massachusetts must adhere to these standards as of March 2010.
The National Institute of Standards and Technology (NIST) Special Publication 800-53 provides recommended security controls for federal information systems and is used to determine the baseline security controls for a system. Federal IT systems must adhere to these security guidelines to comply with FISMA.
The Health Information Technology for Economic and Clinical Health (HITECH) Act advances the electronic exchange of large amounts of health information and expands the reach of the HIPAA data privacy and security requirements to ensure the security of ePHI. The HIPAA Security Rule covers health plans, healthcare clearinghouses and healthcare providers. As of February 2010, under the HITECH Act, Business Associates are also required to comply with the security rule requirements. HITECH establishes mandatory federal security breach reporting requirements, along with expanded criminal and civil penalties for non-compliance.
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule is focused on protecting the confidentiality, integrity, and availability of electronic protected health information (ePHI) which is created, received, maintained, or transmitted by any covered entity (CE) against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. Covered entities include: covered healthcare providers, health plans, healthcare clearinghouses, Medicare prescription drug card sponsors and business associates. By meeting the requirements set forth in the Security Rule for ePHI, CEs will also meet the ePHI requirements of the Privacy Rule.
NERC CIP Standards 002-009
The North American Electric Reliability Corporation (NERC) is a non-profit corporation chartered to ensure that the bulk electric system in North America is reliable, adequate and secure. As the federally designated Electric Reliability Organization (ERO) in North America, NERC maintains comprehensive reliability standards that define requirements for planning and operating the collective bulk power system. Among these are the Critical Infrastructure Protection (CIP) Cyber Security Standards, commonly referred to as the NERC CIP Standards 002-009, which are designed to ensure the protection of the Critical Cyber Assets which control or affect the reliability of North America’s bulk electricity systems.
The Office of Management and Budget (OMB) has issued several mandates which require agencies to establish safeguards for sensitive agency data on laptops and workstations. To achieve compliance with these mandates, agencies must enforce security measures that safeguard the integrity and availability of sensitive agency information or Personally Identifiable Information (PII) at the endpoint.
PCI Data Security Standard
The continuation of massive credit card data breaches at many high-profile organizations prompted the development of the Payment Card Industry Data Security Standard (PCI DSS), which standardizes how credit card data should be protected. Under the PCI DSS, a business or organization should be able to assure its customers that their credit card data, account information and transaction information are safe from hackers or any malicious system intrusion, whether from outside the organization or from within.
The United States Government Configuration Baseline (USGCB), which emerged from the Federal Desktop Core Configuration (FDCC), provides a set of security configuration standards to which all federal agencies must adhere, as mandated by the Office of Management and Budget (OMB).