System Compliance involves auditing a computer Operating System (whether several servers, a single virtual machine, or a fleet of nodes) and comparing that systems existing Digital Security Signatures (DSS) with that of a framework defined by an International Industry Standard. After evaluating the resultset, a benchmarked report is compiled indicating what (if any) measures or system changes are required to achieve and maintain System Compliance with that chosen policy or Security Framework. Cybervine have been exploring methods to proactively assist with Information Security, Data Protection, and System Integrity using International Industry Standards (such as those governed by NIST) to adopt best practices and protection standards for System Compliance & Remediation.
Although in early Beta, our System Compliance & Remediation reports cater for the adapating rules and regulations of these standards, policies, and best practices. This includes nodes provisioned for transactional purposes (Eg. PCI DSS), client data storage clusters (Eg. GDPR/POPIA Compliance), hosted email services, as well as private/public systems requiring a security baseline with reporting and/or security audits with remediation/mitigation advisory.
To perform this service, Cybervine utilizes the results from an agentless scan (OpenSCAP) and evaluates the Digital Signature Standards (DSS) to provide a detailed report of system requirements not yet met (including remediation/mitigation advice where applicable) – whether matching criteria with an International Industry Standard Framework, or a custom defined framework to meet a level of system hardening.
In addition, Cybervine can assist by providing regular system-wide Compliance & Remediation Reporting for your system(s) and IT environment. To get started, request a once-off free trial (limited storage capacity available).
Alternatively, kindly contact us if you have any questions or require assistance!
Note: Cybervine IT Solutions are unable to certify System Compliance and thus this service can only assist in System Compliance (Risk Managment).