Tripwire helps Idaho Power enhance its security and compliance measures
Manual audits to check for Sarbanes-Oxley Act and internal control compliance of Idaho Power's servers were eating up too much time. One solution was to test a small percentage of representative servers, but Idaho Power wanted more complete information. So, beginning in August 2006 started looking at compliance solutions. The result was the rollout of Tripwire® Configuration Compliance Manager (CCM).
- A solution that could track configuration changes and regulatory compliance between segmented environments
- To provide auditors any easy-to-use solution that could provide reports in a timely fashion
- A way to simplify their complex processes between server administrators, auditors and business managers
- A solution that can provide timely change notification to help simplify remediation processes
Tripwire CCM enables Idaho Power to track configuration changes and regulatory compliance inside its heavily segmented and strictly separated environment by using scan engines running in virtual machines. Idaho Power needed only a couple of changes to firewall rules to enable communication between the scan engines, which monitor registry settings, log files, user accounts and more to create reports for senior managers, system administrators and auditors.
What we needed was a tool that would automatically check preferably all of the settings in our baseline, and also do that for Windows and Linux servers.ALEX TATISTCHEFF, INFORMATION SECURITY MANAGER
- The development of data collection and high-level reports with that the CIO can take action on while providing addition detailed reports for the servers administrators
- Visibility into their environment and reporting capabilities that provide auditors with reports that show exactly what is happening on their servers
- Auditor reports to help streamline remediation problems throughout the department
- A large decrease in the amount of staff time needed to monitor server configuration compliance