SolarWinds announced enhancements to its SolarWinds Server Configuration Monitor (SCM) product. SolarWinds SCM, which works to detect and compare configuration changes to servers, databases, and applications, now integrates a policy compliance engine aimed at helping IT teams simplify and more efficiently achieve compliance and compliance reporting, with an initial focus on the federal space.
While the Department of Defense (DoD) has made managing risk easier by providing an enormous variety of hardened baselines for operating systems, system components, and network devices through Security Technical Implementation Guides (STIGs), it’s still dependent upon IT to help ensure their systems are secure and compliant. Automation is the key to alleviating some of the burden placed on IT teams.
SolarWinds SCM, by integrating a policy compliance engine focused on select STIG policies, makes it easier for federal IT pros to automatically check systems and applications for STIG compliance, deliver clear and quick compliance results for auditing purposes, and identify non-compliant elements for more efficient remediation.
“Automation is critical in reducing the compliance burden on federal IT pros’ shoulders,” said Jim Hansen, vice president of product strategy, SolarWinds.
“Our 2020 Cloud Confessions Survey found 78% of IT pros reported spending less than 10% of their time proactively optimizing their environments versus reactively maintaining. The latest enhancements to SolarWinds SCM, which were frequently requested from user groups and customers, will lessen the compliance burden and allow IT pros to focus on other priorities.”
SolarWinds SCM operationalizes policy compliance monitoring for servers and applications by tracking their compliance percentage across an IT environment over time. The SCM policy compliance engine currently focuses on DISA STIG policies for Windows 2016, SQL Server 2016, and ILS 8, with plans to continue to expand to other policies in the future.
Each rule reads a configuration from a file, device, command, registry setting, and more, pulls the needed information, evaluates it against the benchmark, and returns a pass, fail, or unknown. From there, evaluation results can be aggregated to give a summary compliance percentage of a node or a policy.
For polices that fall below a threshold, or when an individual rule fails, IT pros are then alerted. Users will also be able to create their own reports and import them into the policy compliance engine.
SolarWinds solutions for government
- Pricing for SolarWinds software is available on the U.S. General Services Administration (GSA) Schedule, CHESS ITES-SW, and other contract vehicles.
- U.S. Government certifications and approvals include DoDIN APL, Army CoN, Navy DADMS, DHS CDM DEFEND APL, Common Criteria, and USGv6 IPv6 Tested Registry. Technical requirements include FIPS compatibility, DISA STIGs, and National Institute of Standards and Technology (NIST) compliance.
- SolarWinds has hundreds of built-in automated compliance reports capable of meeting the requirements of major auditing authorities including DISA STIG, FISMA, NIST, RMF, and more.
- SolarWinds Network Configuration Manager (NCM) provides a number of out-of-the-box compliance report templates installed with the product, and these are designed to help users prepare for an inspection. Other policy compliance templates are available from the SolarWinds THWACK online user community.