Symantec Control Compliance Suite
Prioritize remediation efforts based on a composite view of risk.

Features & Benefits:

Benefits

• Improve your risk posture by continuously assessing vendors' IT security policies and procedures
• Clearly communicate accurate and up-to-date vendor risk information to executives on short notice
• Reduce the time and effort associated with collecting vendor assessment data
• Cost-effectively scale your vendor risk management program
• Make more informed vendor selection decisions by assessing a vendor's IT security readiness

Features

• Auto-calculated vendor risk scores based on multiple evidence sources
• Shared Assessments content for controls-based vendor assessment
• Centralized, Web-based repository to manage the vendor assessment process and capture vendor risk data
• Web-based vendor gateway provides a single location for vendors to manage and respond to assessment requests from one location and route requests to appropriate contacts
• Vendor tiering based on data risk and business criticality
• Assessment scheduling to collect data at regular intervals, based on requirements

Use Case

A large financial services company needed to ensure that their business data is protected across their ecosystem of over 12,000 vendors and partners. Because of the highly manual process involving email and spreadsheets, the vendor risk team was only able assess vendors once, generally after the business owners selected a vendor. The CISO wanted a more streamlined process that would allow them to continuously monitor vendor risk and cost-effectively scale their vendor risk management program. Using Control Compliance Suite Vendor Risk Manager, they were able to tier vendors based on data risk and automate the vendor risk management process. This saved them considerable time and money and allowed them to assess vendors at regular intervals. Reports and dashboards based on current data greatly improved management visibility of their vendor risk exposure.

Additional Symantec Solutions for IT Risk and Compliance

Control Compliance Suite provides a solid framework on which to build your IT Governance, Risk, and Compliance program. You can communicate IT risk in business-relevant terms, prioritize remediation efforts based on risk, and automate time-consuming manual processes to improve your overall security and compliance posture.

Control Compliance Suite is a modular solution, comprising of seven key components. These components are fully interoperable and available separately or as part of the broader suite. Key infrastructure capabilities available with all modules include a unique and highly scalable data framework to normalize and analyze large volumes of data, customizable Web-based dashboards and reports, and workflow integration with remediation ticketing systems.

Symantec™ Control Compliance Suite Policy Manager
simplifies policy management with out-of-the-box policy content for multiple mandates, automatically mapped to controls and updated on a quarterly basis.

Symantec™ Control Compliance Suite Risk Manager
conveys the impact of IT risk in business-relevant terms. You can work with business leaders to identify IT risk thresholds, assign ownership, and track risk reduction over time.

Symantec™ Control Compliance Suite Standards Manager
is an industry-leading configuration assessment solution designed to evaluate if systems are secured, configured, and patched according to standards.

Symantec™ Control Compliance Suite Vulnerability Manager
performs end-to-end vulnerability assessment of Web applications, databases, servers, and network devices, delivering a single view of security threats across your IT infrastructure.

Symantec™ Control Compliance Suite Virtualization Security Manager
allows you to confidently take advantage of the benefits of virtualization without worrying about degrading your security or compliance posture.

Symantec™ Control Compliance Suite Assessment Manager
simplifies the evaluation of procedural controls by providing automated Web-based questionnaires. These questionnaires can also be used to evaluate overall employee security awareness.

System Requirements:

Control Compliance Suite Core

Software Requirements

Operating System

• Windows Server 2003 SP2 x64 Enterprise or Standard edition
• Windows Server 2003 R2 SP2 x64 Enterprise or Standard edition
• Windows Server 2008 SP2 x64 Enterprise or Standard edition
• Windows Server 2008 R2 x64 Enterprise or Standard edition

Database

• Microsoft SQL Server 2005 SP2 or later (32-bit and 64-bit computers)
• Microsoft SQL Server 2008 SP1, SP2 (32-bit and 64-bit computers)
• Microsoft SQL Server 2008 R2 (32-bit and 64-bit computers)

Other Software

• Microsoft .Net Framework 3.5 SP1
• Oracle Instant Client 10.2.0.4
• Internet connection for CCS service
• Internet Explorer 8.0
• Internet Information Service (IIS)
• ASP.NET v4.0.30319
• ASP.NET v4.0.30319 Web Service Extensions

Hardware Requirements

For deployment on a single server

• Minimum memory: 4GB
• Minimum processor: Dual Proc 3GHz
• Minimum hard disk space: 140GB

SQL Server

• Minimum memory: 4GB
• Minimum processor: Dual Proc 3GHZ
• Disk Sizing: Refer to the Planning and Deployment Guide

Some Control Compliance Suite modules have additional system requirements, which are outlined below.

Control Compliance Suite Assessment Manager

Control Compliance Suite Assessment Manager Server

Operating System

• Microsoft Windows Server 2003 SP2
• Microsoft Windows Server 2008 SP2 or later

Database

• Microsoft SQL Server 2005 SP2 or Microsoft SQL Server 2008

Other software

• Microsoft .Net Framework 3.5 SP1
• Microsoft Internet Information Services (IIS) 6.0 or later
• Microsoft Internet explorer 7.0 or later

Hardware

• Minimum memory: 512MB
• Minimum processor: Pentium 4-compatible or faster processor
• Minimum hard disk space: 40MB

Control Compliance Suite Assessment Manager Windows Module

Operating System

• Microsoft Windows Server 2003 SP2 or later
• Microsoft Windows Server 2008 SP2 or later
• Microsoft Windows 7/XP Professional with SP2/Vista or later

Other Software

• Microsoft Internet explorer 7.0 or later
• Microsoft Office 2007 or later
• Microsoft .Net Framework 3.5 SP1
• Windows Media Player with codecs

Hardware

• Minimum memory: 256MB
• Minimum processor: Pentium 4-compatible or faster processor
• Minimum hard disk space: 40MB

Control Compliance Suite Assessment Manager Web Client

Software

• Microsoft Internet Explorer 7 or later
• Windows Media Player with codecs
• Desktop Experience feature on Windows

Control Compliance Suite Virtualization Security Manager

Control Compliance Suite Virtualization Security Manager is a 64-bit virtual appliance. The virtual environment must be capable of running 64-bit virtual machines. Control Compliance Suite Virtualization Security Manager is delivered in the Open Virtualization Format (OVF) via a single .ovf file that has two virtual machine disk (VMDK) files that contain the appliance software.

Browser

• Firefox v3.6+
• Internet Explorer v7+ web browser

Hypervisor Support

• VMware vSphere 5.0 Enterprise Edition
• VMware vSphere 4.0+ Enterprise Edition
• VMware Infrastructure 3.5 (ESX, ESXi and vCenter)

Hardware

• Minimum memory: 4GB
• Minimum processor: 2 Virtual CPUs
• Minimum hard disk space: 30GB

Control Compliance Suite Vendor Risk Management

Control Compliance Suite Vendor Risk Manager Administrative Console

Operating System

• Microsoft Windows 2008 (32bit or 64bit)

Database

• Microsoft SQL Server 2005 SP3 or higher
• Microsoft SQL Server 2008
• Microsoft SQL Server 2012

Other Software

• Microsoft .NET Framework 3.5 or higher
• Control Compliance Suite 11.0 - Product Update - PU 2012-1
• Control Compliance Suite Quick Fix 10106 for CCS v11.0 PU 2012-1
• Control Compliance Suite Assessment Manager 10.5 and PCU 2011-2 or above

Hardware

• Minimum memory: 4GB
• Minimum hard disk space: 20GB

Control Compliance Suite Vendor Risk Manager Relationship Gateway

Operating System

• Microsoft Windows 2008 (32bit or 64bit)

Database

• Microsoft SQL Server 2005 SP3 or higher

Other Software

• Apache Tomcat 7.x
• JAVA 7 or higher
• Microsoft Active Directory / OpenLDAP 2.4 or higher

Hardware

• Minimum memory: 4GB
• Minimum hard disk space: 20GB

Control Compliance Suite Vulnerability Manager

Operating System

• Windows Server 2008 (R2 SP1), Standard, Enterprise 64-bit
• Windows Server 2003 (R1 and R2, SP2), Standard, Enterprise 64-bit
• RHEL Server 5.x 64-bit

Database

• Embedded PostgreSQL

Browser

• Internet Explorer 7.0.x, 8.0.x, and 9.0
• Mozilla Firefox 10.0.x and 17.0.x
• Google Chrome

Hardware

• Minimum memory: 8GB
• Minimum processor: 2GHz
• Minimum hard disk space: 80GB+ for Security Console with local Scan Engine; 10GB+ for distributed Scan Engines

Documentation:

Download the Symantec Control Compliance Suite Datasheet (PDF).