Elemental Security, Inc., the award-winning pioneer of new technology in enterprise information security, today announced that its Elemental Security Platform (ESP) has been certified by the Center for Internet Security (CIS) for the CIS Mac OS X Benchmark v1.02. Elemental’s policy and risk management product is the industry’s first product to complete the CIS’ rigorous certification process for the Mac OS X Benchmark.
The CIS Benchmark is a set of technical standards that draws upon best practices published by The SANS Institute, the National Security Agency (NSA), the National Institute of Standards and Technology (NIST), and the U.S. Defense Information Systems Agency (DISA), as well as consensus guidance from CIS members and users. The CIS Certification program is distinguished from other IT certifications because CIS certified vendor tools support the consensus best practices movement. CIS strategic partnerships with AICPA, IIA and ISACA are advancing the science of security auditing to include measurement of configuration management outcomes.
Elemental has seen growing traction in markets where Mac platform use is prevalent, such as university environments, presenting an expanding opportunity. According to Gartner, Inc., the U.S. Mac OS installed base totals more than 11 million units in 2006. 1
“With the constant proliferation of system threats and computer vulnerabilities, enterprises with Mac environments need to take a proactive stance to minimize security risks by ensuring that their systems are in compliance with implemented system security compliance policies,” said CIS President and CEO Clint Kreitner. “This CIS Certification assures Elemental customers that ESP v2.0 accurately and thoroughly compares the configuration of their organizations’ Mac platforms with the relevant baseline security benchmarks defined by user consensus. Elemental enables users to define their security compliance policies with the CIS benchmarks as a guide, and to constantly monitor and audit systems to ensure continued compliance with these established baselines.”
With these certifications, Elemental customers are assured that their security best practices and security benchmark policies are properly implemented in order to assure that Mac OS X computers are configured with the most appropriate security settings. Mac OS X joins the growing list of computing platforms supported by Elemental which have earned CIS benchmark certifications, including Windows 2000, 2000 Pro, and 2000 Server; Windows 2003 Domain Member Server and Domain Controller 2003; Windows XP; UNIX versions of IBM (AIX) and Hewlett-Packard (HP-UX); Red Hat Enterprise Linux; and Sun Solaris.
“The CIS Benchmarks are widely accepted standards that help companies satisfy the configuration and compliance requirements for popular computing platforms, including Macs,” said Elemental Chief Marketing Officer Roy Agostino. “We are pleased to be the first vendor to earn this certification for our growing number of Mac platform customers, to assure that the policy baselines we offer them are in line with the high-security industry benchmarks, as defined by CIS and industry user consensus. This is a unique distinction for Elemental, because few enterprise-class security solutions exist for Mac platforms. Mac users have an advantage because Apple’s BSD derivative operating system provides an improved out-of-the-box security posture.”
In addition to CIS Benchmark policies, ESP offers an extensive suite of policies for all supported platforms for other benchmarks, such as from the NSA, NIST and DISA; and industry best practices, including those published by Microsoft. With ESP, users can assess compliance with established full benchmarks, or can customize these policies to fit their specific environments and individual business objectives.
Organizations can deploy these policies and get compliance results across the entire enterprise in minutes.
The award-winning ESP is the only security policy system built from the ground up to make the state and activity of users and computers fully transparent, enabling customers to directly translate their business objectives into specific policies for all users and systems on their networks. Elemental unifies policy management, host configuration, inventory/discovery and role-based access control in one seamlessly integrated offering. Using Elemental, security administrators can easily assess the security posture of machines and networks, and make proactive decisions about managing risk. Security policy and compliance management continue to be top priorities due to increasing frequency and severity of security breaches, and regulations such as Sarbanes-Oxley (SOX), the Payment Card Industry (PCI) Data Security Standard, the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Information Security Management Act (FISMA).
Elemental is an industry leader in enterprise policy and risk management. Using its award-winning Elemental Security Platform (ESP), organizations can directly translate their business objectives into specific policies for all users and systems on their networks. For the first time, enterprises can use a single product to obtain measurable and comprehensive metrics for their security policy needs and compliance requirements. Founded in December 2002, Elemental is a privately held company backed by Bessemer Venture Partners, Mayfield, Sequoia Capital and Lehman Brothers Venture Partners. Red Herring and AlwaysOn have awarded the company their annual awards for the top private companies. Elemental was also named the “Most Innovative” company at the RSA Conference 2006, and earned 2006 “Private Security/Start-up to Watch” honors from Red Herring and Network World. The company is headquartered in San Mateo, Calif., and has offices throughout the U.S.
Elemental and the Elemental Security Platform, among others, are trademarks or registered trademarks in the United States and certain other countries of Elemental Security, Inc. Additional company and product names may be trademarks or registered trademarks of other individual companies and are respectfully acknowledged.
Note 1 – Gartner, Inc., “Forecast: PC Market by Operating System, Worldwide, 2001-2010,” Annette Jump, May 3, 2006.