New Boundary Home Automated Security Compliance
 

Policy Commander® - Frequently Asked Questions
What does Policy Commander do?

Policy Commander automates the monitoring and enforcement of security policies on Windows computers. Within the console, Policy Commander provides both a graphical summary view of compliance across the entire enterprise, and a detailed-level view of security policies and computers. Policy Commander enables organizations to enforce policies automatically or manually. In addition, Policy Commander sends out alerts to notify the appropriate personnel when a computer is no longer in compliance with a policy.

What security policies are included with Policy Commander?

Policy Commander contains a library of approximately 70 security policies, which range from the very simple (e.g., disable automatic Windows update) to the complex security policies defined in the Microsoft Windows Server 2003 Security Guide. Because IT security is a vital component of regulatory compliance, New Boundary Technologies’ library of policies can be used to comply with a variety of regulatory mandates, including HIPAA, the PCI Data Security Standard and the Graham-Leach-Bliley Act. New Boundary Technologies is continually adding new security policies to the library.
What is Smart Update™?
Smart Update™ is a patent-pending technology from New Boundary Technologies that automates administrative configuration management tasks on Windows desktops, laptops, and servers. Compared to the methodology used by other vendors, Smart Update™ is a quantum leap in simplifying and streamlining system configuration management. The ‘old school’ method attempts to collect every setting from every managed computer and store them in a massive database (as many as 40,000 settings per computer). Periodic scans are needed to determine configuration changes and update the database. Intervals between scans have to be long because a huge amount of data may be collected with each scan. Administrators are then presented with complex reports that attempt to make sense of the millions of configuration settings in the database. The scan-based method is extremely complex to the point of information overload, uses considerable network bandwidth, is generally not in real-time, offers little or no remediation, and therefore has no good mechanism for resolving configuration drift.

With Smart Update, computers know their own configuration state and can take action based on that knowledge. This allows Policy Commander to send policies only to the systems to which they apply based on their configuration. It allows for real-time monitoring of policies without generating network traffic. More important, Smart Update™ detects problems in near real-time and automatically remediates them. The remediation step limits data transfer to only settings that were changed in order to restore compliance, so network bandwidth use is totally minimized. In addition, reports are simple and intuitive, communicating only the information that is relevant to resolving an issue. With Smart Update™, dynamic monitoring and enforcement of security policies eliminates security configuration drift.
How does Policy Commander support regulatory mandates such as HIPAA, the PCI Data Security Standard and the Gramm-Leach-Bliley Act?

Policy Commander provides a powerful security configuration foundation for organizations required to comply with regulatory measures like HIPAA. The PCI Data Security Standard and GLBA.  Our configuration and compliance solutions have helped administrators meet the IT control requirements for a variety of regulatory mandates. Policy Commander expands on our competencies by providing the following:

  • Complete, centralized security policy management.
  • Immediate, up-to-date security configuration information to help company executives and auditors make informed compliance decisions.
  • Easy-to-understand, real-time status and view of an organization’s computer policy compliance state.
  • Automated and continuous monitoring, remediation, and enforcement of all security policies.
  • A library of “best practices” policies from New Boundary Technologies, Microsoft, NSA and NIST that can quickly be deployed and implemented.
What are Configuration Groups and how do they work?

Configuration Groups are dynamically populating computer groups created by administrators that are based on any desired configuration trait. While Policy Commander leverages an organization’s native Active Directory structure, there are frequently times when administrators need to group computers by configuration traits rather than organizational units. Configuration Groups leverage Smart Update to identify computers with the selected configuration parameters and automatically place them into those groups. Once in a configuration group, configuration tasks assigned to the groups are automatically performed.

What is a Dynamic Security Policy?
The Dynamic Security Policy format is a proprietary format created by New Boundary Technologies to add intelligence to security policies. The format allows for a much higher degree of automation in policy assignment and enforcement. The Dynamic Security Policy format defines computer security policies based on three key attributes – applicability, compliance, and enforcement. Determining which security policies apply to which computers was formerly a major challenge for administrators, who had to manually determine computer types, roles, operating systems, installed applications, and other characteristics for every computer within the environment. With applicability rules built into each Dynamic Security Policy, administrators can simply deploy security policies to the network and rely on Policy Commander’s automated intelligence to assign them to the right computers. Dynamic Security Policies work seamlessly with Smart Update™ to continuously check computers to assure compliance with security policies, even when computers are not connected to the network. The enforcement rules and logic within each Dynamic Security Policy enables Policy Commander to intelligently determine what actions to take to automatically bring computers into compliance with their assigned policies.
How is Policy Commander licensed?
Policy Commander is licensed per managed computer for both workstations and servers.
What does Policy Commander do that I can not already do with MS Group Policy?

Policy Commander allows administrators to target specific computers or groups of computers based on their role, operating system and security level, while Group Policy is much less granular in its targeting capabilities. Group Policy requires the managed server and workstation to be authenticated to the network while Policy Commander can continuously monitor and enforce policies even when systems are offline. Group Policy does not manage complex security policies, such as those requiring conditional assessments.

In addition, Policy Commander also:

  • Provides a graphical, high-level summary view of policy compliance.
  • Automates alerts and notifications in cases of non-compliance.
  • Delivers continuous security policy enforcement.
  • Provides intuitive reports on computer and policy compliance status.
What operating systems does Policy Commander support?
Policy Commander supports Windows 2000, Windows Server 2003, Windows XP and Vista.
 
Product Overview
Features
Resource Library
Version History
Policy Knowledge Base
Upgrade
FAQs
Demo's and Webcasts
 
Government
Lockdown Guide Now Available!

See Policy Commander live
and in action.

Brochures
Download Brochures
brochure Policy Commander 2.0 Brochure

Screen Shots
Policy Commander Console
Policies Tab Screenshot

| Solutions | Products | Company | Support | Partners | Site Map |