Portable software automates DISA STIG audits
- By Mark Pomerleau
- Jul 28, 2015
Typically, a network audit for compliance with a Defense Information System Agency security technical implantation guide is a time-consuming affair. Auditors must verify configuration details of every system, and compare them to the STIG requirements. Additionally, most compliance monitoring solutions are designed to be used on a local network by in-house staff.
EiQ Networks’ SecureVue Auditor License, however, aims to change this process by automating DISA STIG compliance checks without requiring an agent to be installed. The software and lightweight hardware requirements allow traveling auditors to carry the solution on a laptop and quickly setup through automatic node licensing and management.
The solution automatically collects data from a wide range of network devices and hosts and compares the configurations to the secure standards defined by DISA and the Center for Internet Security. SecureVue Auditor License then sorts through results and focuses on STIG violations, saving hundreds of hours on manual processes and helping agencies complete audits at a lower cost.
“IT security auditors can spend hours manually inspecting system configurations,” said Don Byrne, VP of federal sales, EiQ Networks. “The SecureVue Audit License will automate the collection and analysis process, which will in turn increase accuracy by reducing reliance on manual data processing.”
SecureVue Auditor License was designed with the Defense Department in mind; DOD agencies must regularly conduct Command Cyber Readiness Inspections that ensure networks are secure and adhere to federal standards. A spokesperson explained to GCN, however, that “the product can be marketed to any organization looking to do configuration auditing at remote locations.”
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.