Enterprise Certified

IT Security for Regulatory Compliance

ECAR™ for GLBA

Enterprise Compliance Auditing & Reporting

The Gramm-Leach-Bliley Act (GLBA) was enacted to ensure greater controls over financial information and privacy. The Federal Financial Institutions Examination Council (FFIEC) is an interagency body charged with GLBA enforcement. The FFIEC has established Tier I and II examination objectives and procedures. Subsequently, and consistent with the FFIEC, the Federal Information Security Management Act (FISMA) further defined how governmental agencies and commercial contracting organizations must comply with an exhaustive number of technical, operational and management requirements and controls. The National Institute of Science and Technology's (NIST) Special Publication 800-53 provides recommended guidance for FISMA compliance.

The ECC Enterprise Compliance Auditing and Reporting (ECAR™) system maps over 175 Microsoft Windows IT security events to the technical and operational specifications defined by the FFIEC objectives and procedures. Using Microsoft Operations Manager (MOM) server, ECAR™ tracks these events and generates a variety of auditing reports.

ECAR™ GLBA FEATURES

  • Over 175 Windows Server IT Security Events
  • Collective and Individual Event Views
  • Audit Reports and Trails
  • Fully Customizable and Extensible
  • Events mapped to FFIEC Recommended Controls:
    1. Authentication and Access Controls
    2. Network Security
    3. Host Security
    4. User Equipment Security
    5. Application Security
    6. Software Development and Acquisition
    7. Business Continuity-Security
    8. Intrusion Detection and Response
    9. Encryption
    10. Data Security

ECAR™, MICROSOFT AND NIST

The Microsoft Windows Servers and controls provide a framework for vertical regulatory compliance auditing and reporting solutions. Microsoft Operations Manager (MOM) facilitates the collection of events and manages the ability to customize views and reports. Building on this foundation, ECC developed ECAR™ around NIST recommendations as a compliance auditing and reporting environment. ECAR™ is used to identify security compliance issues for both assessment and mitigation purposes. As the proactive monitoring capability of the MOM platform progresses, so will an organization's ability to react and adjust its risk posture. ECAR™ provides the framework to achieve these ends.

ECC wants to acknowledge the groundbreaking efforts of NIST and in particular the team responsible for SP 800-53.