Continuously Compliant and Secure Endpoints

CIS Benchmarks

CIS Benchmarks, developed by a global community of cybersecurity professionals, are a collection of best practices for securely configuring IT systems, software, networks, and cloud infrastructure.
HCL BigFix Compliance has the richest contents in the industry to help an organization implement CIS Benchmarks. It provides checklists out of the box for more than 60 operating systems and middleware applications to enable an organization to implement CIS benchmarks effectively and consistently. The checklists are constantly refreshed by the BigFix team to support the latest benchmarks.

CIS Controls

Developed by many leading security experts based on threat data and security incidents across the industries, CIS Controls consists of a set of recommended security best practices to be implemented by all organizations to block security attacks and establish a better defense posture. CIS Controls are also recommended to be implemented to help demonstrate compliance to some regional regulations such as California State’s CCPA or New York State’s SHIELD.
HCL BigFix is an effective endpoint management solution to help organizations discover, manage and protect all their endpoints. Many of the CIS Controls can be effectively addressed by leveraging the BigFix capabilities.

CISA KEV

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild: the Known Exploited Vulnerability (KEV) catalog. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by known threat actors.
HCL BigFix has released a new dashboard in reducing the amount of time and resources required to gather up all the items in the KEV, link them to the correct content that applies to your specific environment, and then automate the remediation of these vulnerabilities on applicable endpoints.

DISA STIG

DISA's Security Technical Implementation Guide (STIG) is the basis for evaluating the security configurations of all government systems and applications. The STIG is designed to help safeguard systems and applications from being attacked.
HCL BigFix Compliance has the richest contents in the industry to help an organization implement DISA STIG. It provides checklists out of the box for more than 60 operating systems and middleware applications to enable an organization to implement DISA STIG effectively and consistently. The checklists are constantly refreshed by the BigFix team to support the latest STIGs.

ISO 27001

ISO 27001 is an international information security standard applicable to all organizations, regardless of type, size or nature. It includes a set of Security Controls — a total of 114 Controls, divided into 14 categories — with clearly stated objectives and implementation guidance for each Control. ISO 27001 has been widely adopted by organizations to create a comprehensive information system security program.
BigFix can be used by an organization to implement applicable ISO 27001 Controls to establish a secure baseline across an organization’s servers and clients devices.

NIST Cybersecurity Framework for Ransomware Risk Management

Ransomware is a growing security threat worldwide. In response, NIST published the Cybersecurity Framework Profile for Ransomware Risk Management to help organizations understand how to mitigate ransomware threats and respond appropriately if attacked. BigFix provides a rich set of functions and capabilities that organizations can use to successfully implement the five categories of functions defined in the Ransomware Profile, thus strengthening their defenses against ransomware and other security incidents.

NIST SP 800-53

NIST SP 800-53 is a catalog of Security Controls recommended for all U.S. federal information systems and organizations. NIST SP 800-53 Revision 5 contains 20 Control Families with each Control Family consisting of a set of related Security Controls. HCL BigFix, an industry leading endpoint management and security solution, has been used by customers to comply with NIST SP 800-53.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. BigFix helps comply with this to ensure confidentiality and security of health information.

PCI DSS

To help safeguard sensitive customer data, organizations that process, store or transmit payment card data are required to comply with the Payment Card Industry Data Security Standard - PCI DSS. This global security program is designed to help protect against the theft, exposure or leakage of customers’ personal and financial information.
HCL BigFix Compliance has a PCI Add-on module to provide additional PCI relatd contents and specialized dashboards and reports to assess and summarize the overall compliance status against each PCI-DSS requirement and milestone. It can help an organization effectively mitigate payment card-related risk and comply with the PCI-DSS requirements.

RBI

The Reserve Bank of India (RBI) issued a Cybersecurity Framework for all commercial banks in India to implement so the banks can proactively establish policies and procedures and adopt technologies to address the increasing security threats in a more effective way.

Blogs