September 19, 2005

FISMA Regulatory Compliance Knowledge Now Available in NetIQ Security Compliance Suite

Automated compliance and risk management solution saves U.S. federal agencies time and resources; NetIQ expands knowledge base for compliance

Press Release

SAN JOSE, Calif.

NetIQ Corp. (Nasdaq: NTIQ), a leading provider of integrated systems and security management solutions, today announced the availability of the NetIQ® FISMA Essentials policy templates within the NetIQ® Security Compliance Suite solution. These policy templates provide knowledge to help assess the information security of U.S. federal agencies’ systems as required by the Federal Information Security Management Act (FISMA). The policy templates also help assure that each agency operates within policy and implements cost-effective security controls to reduce risk and validate compliance. In addition, these policy templates expand NetIQ’s library of existing policy templates covering many regulations and standards, including the Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, ISO 17799 and Center for Internet Security benchmarks.

“The new FISMA Essentials policy templates will help save our clients time and resources by automating FISMA compliance, a previously manual and time-consuming task,” said Scott Deen, president of FedTek, Inc., a leading provider of IT solutions and services to the U.S. government. “With these templates our clients will obtain the knowledge necessary to be confident that they are compliant with FISMA in the areas of access control; audit and accountability; configuration management; and identification and authentication.”

According to FISMA regulations, U.S. federal agencies must provide a thorough assessment of non-national security-related systems on an annual basis to the Office of Management and Budget (OMB). The FISMA Essentials policy templates automate the assessment of technical configuration settings in accordance with National Institute of Standards and Technology’s (NIST) SP800-53 guidelines. This enables customers to automatically check over 100 different security controls across many machines and operating systems at once and produce a report that is organized by FISMA technical categories.

The Security Compliance Suite aids in creating a secure baseline configuration, reporting FISMA violations per IT system and generating an overall risk compliance metric for trending compliance patterns. In addition, the Security Compliance Suite can provide alerts on changes to the baseline configuration in real-time, as well as perform advanced log management functionality. These features enable federal agencies to remediate reported violations and to improve their overall security-assessment scores.

“This is another good example of dissecting a regulation into actionable knowledge in a way that makes sense for our customers,” said Greg Davoll, group product manager of Security Management Solutions at NetIQ. “FISMA is structurally similar to Sarbanes-Oxley in that organizations are required to ensure that appropriate security controls are in place, that IT configurations are secured and that IT organizations adhere to best practices.”

The Security Compliance Suite is a key component of NetIQ’s unique Knowledge-Based Service Assurance strategy, which provides a customer with the knowledge necessary to ensure that its enterprise is secure, available, performing optimally and also compliant with legal and corporate policies.

Pricing and Availability

The FISMA Essentials policy templates are available now as part of the Security Compliance Suite. The Security Compliance Suite comes in Standard and Enterprise editions. The Standard edition is made up of the NetIQ Vulnerability Manager™ solution and the Log Manager module of the NetIQ Security Manager™ solution and starts at $800 per server. The Enterprise edition includes the functionality of the Standard edition, and also provides real-time security monitoring through the Intrusion Manager module of NetIQ Security Manager and starts at $1,120 per server.

For more information about the Security Compliance Suite, please contact your local NetIQ sales representative or call NetIQ at (888) 323-6768.

About NetIQ

NetIQ is a leading provider of integrated systems and security management solutions that empower the IT organization with the knowledge and ability to assure IT service. NetIQ's Knowledge-Based Service Assurance solution embeds knowledge and best practices to ensure operational integrity, better manage service levels and risk and ensure policy compliance. NetIQ's modular, best-of-breed solutions for Performance & Availability Management, Security Management, Configuration & Vulnerability Management, and Operational Change Control integrate through an open, service-oriented architecture allowing for common reporting, analytics and dashboards. For more information about NetIQ, visit or call (888) 323-6768.

Amy Sachrison
Media and Analyst Relations

Phone: (713) 418-5368