The CimTrak Compliance Module

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Cimcor, Inc.
Company size (employees)10 to 49
Type of solutionSoftware

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

The Compliance Module for CimTrak, an add-on feature to the CimTrak Integrity Suite, is designed to simplify compliance needs. Regardless of standards or number of regulatory requirements imposed within an organization, CimTrak’s dashboard and
reporting capabilities are intuitive, allowing for a single product to provide test results,
compliance scoring, and policy groupings across an infrastructure.

It accomplishes this by utilizing the CIS Controls as a foundation by which all other
controls are mapped against. This approach streamlines compliance deliverables into a simplified and prescriptive approach that details problem description, assessment, rationale, impact, remediation guidelines, notes, CIS reference and benchmark. This enables common compliance requirements to be illustrated in a holistic manner with remediation instructions, aiding to bring an organization into full compliance, and
ensuring that it stays that way.

CimTrak ’s integrated compliance module provides the necessary auditing, alerting, and reporting capabilities to track changes and maintain compliance for dozens of regulatory requirements. Changes to servers, network devices, and applications can be
tracked and documented. Determining who, what, when, where, why (ticketing), and how (process) something has changed since the last audit cycle is as simple as generating a report. This compliance assurance is simple to use, cost-effective, and
eliminates the ongoing headaches of continuous audits.

Brief Overview

The CimTrak Compliance Module adds a vital security layer to critical infrastructures.
Benchmark Scanning – Many compliance standards and organizations require the use of benchmarks to ensure compliance in applicable systems and services. Benchmarks can be uploaded to the Compliance Module for CimTrak for robust testing, auditing, reporting, and instructions to remediate where applicable.

Vulnerability Management: Unique ability to identify, classify, and prioritize vulnerabilities allowing for corrective actions to be performed, remediating problems such as open ports, software configuration issues, and malware.

Policy Monitoring and Grouping – Regularly scanning devices based on a single policy, users can track any changes or deviations regarding compliance. Policies can also be grouped together providing a common compliance framework where compliance criteria across various regulatory requirements are represented as a single test.

Compliance Mappings – Compliance mappings enable organizations to create custom sets of benchmark tests to comply with specific standards that may not otherwise exist or needing tailoring to organizations’ own specific requirements.

Network Discovery – Network device discovery helps to discover, inventory, and collect information about physical assets such as routers, switches, servers, hosts, and firewalls which can then be assigned to an appropriate compliance policy with a simple point and click.

Waiver Management – As infrastructures are different and unique, oftentimes there’s a need to allow a condition to exist within a policy(s) and take exception. This exception is highlighted as a waiver for future auditing activities.

Agent & Agentless – The CimTrak Compliance Module provides an agent-based or agentless solution which can be on-demand or scheduled to perform benchmark or compliance scans, giving the ability to understand a systems’ state at time of scan.

Reporting: Auditing is simplistic as current and historical compliance to standards and requirements are shown.

Compliance Dashboard: Full integration into core product removes the need for an additional console.