LAFAYETTE, CA, March 10, 2011 – Network Frontiers, the premier provider of IT Compliance mapping, has released its Q1 2011 Unified Compliance Framework (UCF) quarterly update. This release marks the first time a compliance framework has successfully bridged the gap between specific technical security events and settings and the actual legal citations which require them.
The new UCF Monitored Events allows policy to directly influence technical implementation and establish clearly defined actions based on events, exactly as required by compliance law, standards, and security best practices.
Effective GRC and data security requires monitoring and reacting to events. If you don’t know exactly what is happening within the corporate network infrastructure, you can’t act proactively in response to potential problems and security breaches. A business can’t be fully in compliance with government and industry regulations or effectively manage risk without event monitoring in place. And governance — making smart decisions about the entire enterprise — is also impossible if you don’t know what is happening within that organization.
GRC and security are most effectively managed when they are part of a holistic, unified system. But, in the real world, they were almost always individual silos; IT had to either physically Network connect them or write policy to bring them together because standard GRC software doesn’t connect with the actual controls, the authority documents that detail compliance and policy.
“The UCF Q1 2011 release turns theory into reality,” says Dorian Cougias, company co-founder and Lead Analyst of the Unified Compliance Framework. “Event monitoring and the correct reaction to an event is finally based on the actual requirements of the laws that affect a particular company, and since the legislated requirement is connected to the required policy action, the entire process can be automated for continuous compliance,” says Cougias.
“We are excited about the new security and audit event log compliance mapping the UCF is bringing to market,” commented Matthew Ulery, Director, Product Management and Marketing at NetIQ. “Working with the UCF throughout the past three years has been invaluable. The UCF has improved and expanded significantly during this time, delivering rich compliance content out-of-the-box. We look forward to continuing our relationship to deliver comprehensive security and Misery compliance management solutions for our customers in the years to come.”
The UCF maps IT controls from over 400 international regulatory requirements, standards and guidelines, and is updated quarterly. Network Frontier’s unique methodology transforms this massive compilation of data into a single set of straightforward requirements that clearly show the many points where multiple regulations overlap, enabling businesses to quickly create a customized set of controls that fully leverage their existing compliance policies, processes and tools.
The UCF is the trusted source for business compliance management and has been licensed for use by industry leaders including Microsoft, McAfee, Lumension, Nitro Security, and NetIQ for use in their own governance, compliance and risk management solutions. The UCF is also available for direct purchase, in spreadsheet format, from Network Frontiers.
Since 1992, Network Frontiers has developed ground-breaking tools to support IT best practices, with a focus on solutions and processes that further the science of compliance, including harmonization methods, metrics, systems continuity and governance. The Unified Compliance Framework (UCF) is Network Frontiers’ flagship product.
The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Latham and Watkins, which oversees all legal aspects of the UCF. More information can be found at unifiedcompliance.com.
By applying the scientific method to compliance — rigorously testing best practices and methodologies as well as analyzing and organizing information into a rational format — Network Frontiers has developed a logical approach to IT compliance that reduces cost, limits liability, simplifies the compliance process and leverages the value of related technologies and services across the enterprise.