Case Study
Security and Compliance in Federal Agencies: 3 Tripwire Use Cases
Use Cases
Ensuring compliance and minimizing
Automating manual tasks and enhancing breach detection
Monitoring critical assets in the public cloud
Tripwire understands the security demands faced by federal government agencies. Security decision makers at these agencies aren’t only tasked with securing operations in a complex threat landscape—they also have to prove regulatory...
eWay: Meeting PCI DSS compliance standards and improving change management processes
Companies began adopting the PCI DSS standard for protection of online transactional data a number of years ago, and it is becoming a compliance standard throughout the world, for good reason. Cyberattacks threaten the security of consumer data everywhere and the frequency of breaches is escalating. Finding new solutions and processes to protect consumer data can mean the difference between a company...
Case Study
Tripwire and Astro Making Best Practices a Daily Show
Assessing and managing vulnerabilities is a core cybersecurity practice, but it can put a heavy strain on IT security and operations teams. In many cases, introducing vulnerability management as a service is what’s necessary to overcome the challenge of accumulating vulnerabilities across complex IT environments—especially when time and resources are limited.
This was the case for one mid-size U...
Product Video
Watch a Demo of Tripwire File Integrity Manager
Mon, 08/15/2022
Detecting change in your IT environment is a foundational control necessary to ensure that assets are maintained successfully and securely. Tripwire's suite of essential security controls allows you to shorten the time it takes to catch threats, anomalies, and suspicious changes.
This video demonstrates how file integrity monitoring can help enhance the overall security and risk management of your...
Product Video
Watch a Demo of Tripwire Enterprise
Mon, 08/15/2022
Compliance frameworks are notoriously dense and complex, making them difficult to put into action. Compliance is also time-consuming—especially if you’re still attempting manual configuration of your systems, applications, databases and cloud assets. Manual configuration is error-prone and immediately out of date the moment an assessment ends. And a lack of compliance can result in failing audits,...
Product Video
Tripwire Foundational Controls: Essential Cybersecurity for the Modern Enterprise
Mon, 08/15/2022
In an increasingly sophisticated technology landscape, foundational controls keep you secure and compliant. Watch the video to see how Tripwire provides deep visibility and control across IT and OT environments.
Department of Defense (DOD) Cybersecurity Compliance
Protecting the Department of Defense (DoD) community is a unique responsibility with unique compliance requirements across a wide variety of platforms and systems. A deep understanding of those requirements is a prerequisite for vendors seeking to support the DoD’s security initiatives and is critical to the success of its mission.
Tripwire has demonstrated its expertise in meeting DoD requirements for nearly two decades, helping over 500 DoD customers evolve as requirements evolve, achieve compliance, and improve cybersecurity. Tripwire compliance solutions cover over 2,000 federally-mandated security compliance OS combinations including NIST 800-53, FISMA, DISA STIGs, and others.
Based on recent work with DoD customers, Tripwire has identified three of the DoD’s top-of-mind compliance requirements that present a variety of hurdles few DoD partners have the expertise to help agencies overcome. If the following requirements have one thing in common, it is that all three bring both tremendous challenge and promise to the DoD’s cybersecurity mission. Download your copy of the white paper to learn more.
Preparing for the CCRI Program
The Command Cyber Readiness Inspection (CCRI) Program is a comprehensive, formal inspection of cyber readiness compliance led by the Defense Information Systems Agency (DISA). This program focuses primarily on network security policies and programs managed by the local network provider to provide cyber awareness to senior leaders.
The CCRI program holds senior mission Commanders at major...
Datasheet
How Tripwire Helps Control Change
A standard enterprise IT environment is typically composed of widely disparate hardware from multiple vendors running a variety of operating systems and can be spread across multiple datacenters, worksites and the cloud. Because of this growing distribution of IT assets and ever-growing sensitivity of data assets, there is an increased need for adherence to industry standards, government...
Blog
PCI 4.0: The wider meanings of the new Standard
By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data.
In our series about how the new standard differs...
Tripwire File Integrity Monitoring (FIM)
Change detection systems can generate massive amounts of data. What sets Tripwire apart is its ability to add business context to the change data to make it intelligible and actionable.
Blog
What you need to know about PCI 4.0: Requirements 10, 11 and 12
By David Bruce on Wed, 06/29/2022
As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider: is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations, are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function...
Blog
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
By David Bruce on Wed, 06/22/2022
In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update.
Requirements 5 through 9 are organized under two categories:
Maintain a Vulnerability...
Blog
What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.
By David Bruce on Tue, 06/14/2022
The Payment Card Industry Security Standards Council has released its first update to its Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems...
Blog
CIS Control 18 Penetration Testing
By Matthew Jerzewski on Wed, 05/11/2022
Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has increased...
Blog
PCI DSS 4.0 and ISO 27001 – the dynamic duo
By Tripwire Guest Authors on Wed, 04/27/2022
It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks.
We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed...