May 20, 2008 09:00 ET

BigFix Security Configuration Management Libraries Lock on to Compliance Goals

First Installment: DISA STIG Support Across Windows, Linux, and Unix

EMERYVILLE, CA--(Marketwire - May 20, 2008) - BigFix, Inc., a leader in real-time IT security and management solutions for the distributed enterprise, has reached an important milestone in its drive to revolutionize system configuration compliance processes through customer and partner availability of BigFix Security Configuration Management Compliance Controls (SCMCC). The offering consists of a library of pre-packaged configuration audit settings and reporting content designed to provide configuration change detection, reconciliation against desired security policies, and remediation of out-of-compliance policies on supported platforms. The BigFix SCMCC solution operates through the BigFix Discovery 7 technology platform and targets common industry best practices and regulatory compliance standards, such as the Standard Technical Implementation Guides (STIG) developed by the Defense Information System Agency (DISA).

See, Assess, Enforce, Comply

The SCMCC offering focuses BigFix real-time visibility and control to support IT regulatory compliance initiatives and security configuration standards at scale in heterogeneous environments. Driven by audit and regulatory compliance needs, IT organizations and CIOs in the vast majority of public and private organizations lack clear visibility or automated control over compliance audit and reconciliation of IT infrastructures that can consist of 1000s-to-100,000s of distributed PC, laptop, handheld, and server computers. The SCMCC configuration audit libraries, when distributed, enforced, and reported through the BigFix technology platform, will change the compliance process from "push, pray, and probe" to see, assess, enforce, and monitor IT compliance policies in real-time.

"The biggest problem that organizations face when defining their compliance objectives is visibility. It's simple. You can't prove that you comply with something if you have no visibility into it," said Jim Hansen, senior product manager for BigFix. "In our view, compliance and effective IT infrastructure management should be synonymous. The SCMCC configuration audit libraries are a big step in changing compliance from a cost of doing business to an engine for higher levels of IT effectiveness and value generation."

"Adding BigFix to the mix will take a big bite out of the complexity and administrative overhead of implementing and maintaining compliance with key government and industry standards," said Chris Knotts, director of federal solutions for Force 3, Inc., a leading solutions integrator focused on the federal government market. "DISA STIG and FDCC are an excellent place to start the SCMCC initiative, as these standards are at the top of the list for security best practices compliance throughout the federal government."

Real-Time Visibility and Control for Technical Controls Compliance

BigFix SCMCC leverages the BigFix Discovery 7 platform to bring massive scalability, real-time visibility, and continuous control across distributed desktop, mobile, and server endpoint computers subject to regulatory compliance initiatives. SCMCC consists of a BigFix-developed Library of Common Technical Configuration Policies that map to industry or customer-specific technical control standards on widely-distributed desktop, mobile, and server computers. The BigFix Discovery 7 platform provides a consolidated visibility and control fabric to distribute, apply, and report compliance with a customer's specific policy set. The BigFix Compliance Controls libraries run today on Windows and UNIX (including Sun Solaris) platforms, with Linux support currently under testing and qualification.

The DISA STIG initiative represents the first set of configuration standards addressed by BigFix SCMCC. Developed by DISA in response to the Department of Defense Directive (DODD) 8500.1, the STIG guidelines are required procedure at DoD agencies, and have been widely adopted by other federal, state, and local government agencies, and private sector organizations throughout the world. Using the SCMCC libraries, the BigFix technology platform's heterogeneous infrastructure management abilities will enable customers to apply DISA STIG policies to widely used platforms such as Microsoft Windows 2003 and Sun Solaris through the BigFix single agent, single infrastructure real-time visibility and control infrastructure.

In addition to the base set of configuration audit controls, BigFix has also announced today that it has engaged DOMUS IT Security Laboratory to perform Security Content Automation Protocol (SCAP) compliance validation of its Federal Desktop Core Configuration (FDCC) Scanner for the BigFix Discovery 7 platform on Windows XP and Windows Vista. The validation will also include coverage for the Authenticated Configuration Scanner, Authenticated Vulnerability and Patch Scanner, Patch Remediation, Asset Scanner, and Asset Database. These solutions, combined with the FDCC Scanner SCAP validation, will enable federal agencies to thoroughly and accurately report on system configurations and security posture as mandated by the OMB. This validation demonstrates BigFix's commitment to support strategic government initiatives such as SCAP and other standards from organizations such as DISA and NIST.

About BigFix

BigFix®, Inc. offers the only real-time converged PC and server lifecycle configuration and endpoint protection framework that enables organizations to see, change, and enforce IT policies in real-time at global scale. Designed for highly distributed and complex IT infrastructures, BigFix delivers real-time endpoint visibility and control through its single-agent/single console, multi-function, on-demand architecture. Its award-winning technology is proven in production in top-ranked Wall Street financial firms; leading retailers; healthcare delivery organizations; national, state/provincial and local governments; and educational institutions. For more information visit

© 2008 BigFix, Inc. All rights reserved. All company and product names mentioned herein may be trademarks of their respective companies.

Contact Information

  • Press contact:
    Rosemary Miller
    Citigate Cunningham for BigFix, Inc.