GCN Insider: McAfee tackles FISMA
- By Brad Grimes
- Nov 16, 2005
Halloween 2005, McAfee Inc. launched a couple of new products to help take the fear out of agencies' FISMA compliance efforts. A week later, they brought by GCN's offices Foundstone Enterprise 4.2, the latest version of the vulnerability management system the company acquired about a year ago. Little has actually changed in Foundstone 4.2, which includes a terrific one-click correlation engine that can take information about a new vulnerability and compare it to your most recent network scan for a quick assessment of possible problems (after all, not all patches apply to your infrastructure). But what is new in 4.2 is a set of compliance templates, developed with help from the Justice Department. Want to know where you stand on FISMA or HIPPA? Foundstone's templates give feedback for complying with those and other mandates.
The company has also shipped a new hardware appliance. The FS 850 is what McAfee's vice president of federal business Mike Carpenter called a 'headless appliance.' Basically, the FS 850 has no ports except its network connector. Evidently, agencies with remote sites didn't want to deploy full-fledged Foundstone appliances to collect network information. The FS 850 is easy to deploy, relays vulnerability data back to a central appliance, and can't easily be fooled with.