Australian Government Information Security Manual (ISM) Compliance

Cyber adversaries are sophisticated and include individuals, issue motivated groups, organized criminal syndicates and nation states. Improving cyber defence is a top national security priority. The Information Security Manual compliance was designed to mitigate risk to government information and systems.

Tripwire helps Australian Government agencies simplify the cost and effort of maintaining compliance with the ISM whilst improving their security posture. The Tripwire VIA solutions:

• Offer ISM as a standard Tripwire policy that automatically applies tests to meet the configuration requirements within the Information Technology Security section of the ISM
• Utilize continuous compliance capabilities to alert you if a change occurs that takes the configuration out of a compliant state
• Immediately determine whether you’re in compliance or not with the government standard
• Provide automated remediation that upon appropriate approvals quickly and easily reconfigures devices to bring you back to a secure and compliant state
• Meet the change control process requirements to detect potential cyber security incidents
• Ensure all changes to critical files and configurations are immediately identified and undesirable changes flagged
• Meet the log retention, auditing and protection requirements and alert personnel about potential threats and risk to the environment
• Expose events of interest that should be investigated to reduce the gap between when a breached happened and detecting the incident

Tripwire ISM policies are available for Windows 2003, Windows XP and Solaris 10. Each policy consists of approximately 400 pre-defined configuration tests with remediation advice and on-demand automated remediation. Tests are categorized based on the six classification levels specified in the standard so users can customize their assessments to meet their specific classification requirements, e.g. unclassified, confidential, top secret, etc.