ENSURING COMPLIANCE

SOX, EUROSOX, STIG, FDCC, SAS-70, IAVA baselines ...

Cfengine's self-healing technology is fundamentally about keeping promises.
Our distributed agents steer systems within desired bounds, keeping a promised course. If something in the system changes unpredictably, driving the system away from this plan, Cfengine will automatically re-adjust the system to restore compliance. This is self-healing at the system level. Some companies offer something like this autonomic behaviour only for optimizing service performance -- with Cfengine it applies at all levels, from performance to basic system configuration.

In business and government, most compliance requirements involve limiting access to files. Managing file security is one of the simplest ways to use Cfengine. Process management is equally important, however. Cfengine verifies that processes which should be running are indeed running, and that processes which should not be running are not. Commercial Cfengine products (Cfengine Nova, Cfengine Constellation and Cfengine Galaxy) go beyond the bare bones and integrate the plans and results into their self-adapting and self-learning Knowledge Map for an instant overview of the system and its state of repair (see illustration). This allows you to demonstrate control over your environment, and have the confidence of certain knowledge about desired state.

Cfengine stands out as a natural choice for managing security. By running Cfengine to check content, privileges and access controls, systems will never be at risk for longer than it takes to complete one scan and start the next. Cfengine guards and repairs systems with a level of precision that you decide. Just choose the schedule for compliance checking and Cfengine will do the rest. Remember that compliance checks consume resources, however, so choose reasonably.

Cfengine improves security at many levels and eliminates the need for on-the-fly manual decisions that can often lead to human error. Let humans define the rules and have machines do the work. This reduces the chances for failure and frees humans to spend more time on improving the total performance of the system.

Overall, Cfengine is a perfect tool for achieving business and regulatory compliance. Our solution will support your organization's needs, reduce your costs and improve response rates. In addition, the human-readable Cfengine language makes the audit process quick and effective without the need for third-party specialists.

Benefits of using Cfengine for compliance:

  • Maintains and repairs file permissions in a cross-platform, policy-driven manner.
  • Self-healing to a compliant state (no manual work required).
  • Decide your own security audit SLA.
  • Quicker response time to regulatory and business demands.
  • Easy to edit and extend compliance rules.

Additional benefits of using commercial Cfengine solutions for compliance:

  • Simple metered summary of site and machine compliance over past hour, day and week.
  • Self-learning knowledge map displays current state in relation to policy.
  • Continually updating, lightweight audits demonstrate control over your environment.
  • Knowledge management for ITIL/COBIT best practices.
  • Change tracking and documentation for ISO/IEC 20000 compliance (based on ITIL).

Looking to be ITIL-conformant? Look at our white paper on integrating Cfengine into an ITIL framework.