CA Security Compliance Manager is a new product that delivers capabilities that help CA customers address IT security and compliance with legal, corporate and government regulations. CA Security Compliance Manager focuses on helping organizations automate processes for answering security questions such as “Who has access to what?” “Who can do what?” and “Who approved what?” to help detect security policy or compliance violations and then initiate any necessary remediation.
CA Security Compliance Manager is designed with features to build a process-centric platform for continuous compliance and address the three elements of security compliance—IT security controls, analysis and proof of compliance, and automation of compliance processes.
- Actionable Remediation and Validation – When CA Security Compliance Manager detects a policy or compliance violation, it can initiate a remediation request through any change management system such as a help desk. CA Security Compliance Manager can automatically follow up on such remediation requests to validate that the change happened, verify when it happened and certify the remediation with the appropriate manager, IT auditor or security reviewer.
- Entitlement-centric Visibility – CA Security Compliance Manager collects compliance data related to identities from a wide variety of systems to answer questions such as: Who has access to what? Who can do what? and Who approved what?
- Orphan and Inactive Accounts Reporting – Orphan and inactive accounts represent a common compliance violation. CA Security Compliance Manager can establish a continuous compliance process to identify orphan and inactive accounts, notify the risk owner of exceptions to the compliance process and initiate remediation requests and validation on specific accounts in target systems.
- Certification and Attestation – Using a process-centric certification engine, CA Security Compliance Manager identifies relevant changes in entitlements, roles, user title, cost center or account access and triggers a certification event change. CA Security Compliance Manager can complete the certification or attestation and create a full series of audit trails behind the process. This helps streamline the high-cost manual processes for certifying entitlements.
- Ease of Deployment – With an open and flexible architecture, CA Security Compliance Manager can accommodate a vast range of organizational structures and existing compliance processes. The interface is built to easily import existing compliance policies and procedures, and to collect accounts and entitlements from account stores. It also can be synchronized with an HR data feed.
- Robust and Easy Integration With Other CA Offerings – CA Security Compliance Manager integrates with CA Identity Manager, CA-ACF2 and CA-Top Secret, CA GRC Manager and CA Service Desk. It touches all EITM elements of govern, manage and secure.