Tripwire Configuration Compliance Manager 5.17
Asset discovery, configuration and patch compliance auditing, risk and prioritization reporting

»» Asset Discovery—Find all the IP-addressable assets within your environment and create a hardware and software inventory
»» Configuration Compliance Audit—Agentlessly assess and audit compliance of network infrastructure devices and other key systems
»» Patch Compliance Audit—Assess what patches have been applied and know what is missing or available
»» Audit-Ready Reporting and Dashboards—Different, flexible views of compliance and audit data based on role

Enterprises in many regulated industries must comply with rapid regulation and compliance updates and increasingly complex audit requirements. Global compliance standards in 2014 underwent over 40,000 compliance updates. In addition, increased risk from escalating cyber threats brings significant new challenges to enterprise compliance, IT Security, and IT Operations teams.

Challenges include:
»» Compliance Policy Change and Complexity
»» Gap Analysis
»» Limited Resources
»» Sustaining Audit
»» Growing Cybersecurity Risk
»» Financial Risk
»» Increasing Audit Costs and Short Timelines

The Tripwire CCM Solution

Tripwire® Configuration Compliance Manager (CCM) delivers innovative agentless compliance and security audit that has proven to be light touch on most enterprise infrastructure and quickly provides value and insight through a risk-prioritized view of enterprise compliance and security posture.

Tripwire CCM Capabilities

Asset Discovery

Upon installation of Tripwire CCM, asset discovery can be rapidly enabled to discover all IP-addressed active assets such as routers, switches, gateways, firewalls, desktops, laptops, servers and printers. Tripwire CCM then enumerates the configuration and applications discovered on each system and provides detailed information on thousands of configuration variables. It identifies and assesses virtually everything on the network, from routing table entries and access control lists to antivirus and system logging status, all without requiring agent software on the endpoints.

Configuration Compliance Audit

Tripwire CCM audits each system’s configuration and compares any configuration changes with relevant best practice and industry standard policies from NIST, CIS and Microsoft. Tripwire CCM also provides policies for specific regulations such as PCI, SOX, HIPAA, NERC CIP and more.

The current release of Tripwire CCM significantly increases Linux policy coverage by incorporating over 100 Tripwire Enterprise Linux policies.

Patch Compliance Audit

Patch compliance auditing is a critical step in reducing security risk and achieving compliance. Tripwire CCM includes a powerful audit capability to find missing and unapplied patches. Whether managed through the Tripwire CCM console or an easy-to-use report, you can quickly identify which systems have missing patches that take systems out of compliance.

Reporting and Dashboards

Tripwire CCM compliance audit scan results within enterprise environments can deliver a detailed and actionable view of asset compliance and security posture. The system also delivers prioritized guidance on which findings to address first.

Fig. 1 Tripwire CCM Aggregate Results of enterprise scan with Percent Compliant and Risk Scores, plus actionable details.

Complete Enterprise Coverage—Agent and Agentless Technologies

Tripwire CCM can monitor a wide variety of systems not typically monitored using agent-based methods (e.g. routers/wireless routers, switches, gateways, firewalls). Tripwire CCM provides scheduled and on-demand audits.

Tripwire CCM is complementary to Tripwire’s agent-based solution, Tripwire Enterprise. Often, enterprise customers may opt for a blended technology approach allowing them to place agents such as those used by Tripwire Enterprise on their interior and critical servers, Active Directory servers and key databases, and use the agentless technology of Tripwire CCM to monitor and audit network infrastructure devices, edge, and desktops—all of which can be more challenging to monitor and maintain using agents.

Fig. 2 Tripwire Security Configuration Management—Tripwire CCM and Tripwire Enterprise—covers the entire enterprise. (Diagram labels: Firewalls, Switches, Routers, Virtual Systems, Gateways, ICS/SCADA, Desktops/Laptops; Critical Systems, Customer Data, Intellectual Property, Employee Data.)

Tripwire CCM and ICS

Industrial control systems (ICS) monitor and control industrial and physical infrastructure processes and include a wide range of devices and processes, such as supervisory control and data acquisition (SCADA) systems, process control systems (PCS), process control domains (PCD), and building automation and control systems (BACS).

Tripwire CCM provides customers with a simple path to add effective security monitoring and assessment without touching ICS or SCADA equipment, putting operational availability at risk or requiring a complicated deployment. Rather than retrofitting security tools built for IT, Tripwire CCM for Industrial Automation is a purpose-built low/no-touch solution for industrial security with configuration assessment, change and threat detection for industrial environments.

Tripwire CCM supports the industry standard ANSI/ISA 62443-3-2 for network segmentation and secure zones and conduits, securing zone ingress/egress and ICS system security. Tripwire CCM assures that required network segmentation configurations are set and do not “drift” from the policy. This reduces the risk of industrial automation system and critical infrastructure disruption and downtime due to cyber threats from external attacks, malicious insiders and human error.

Summary

Tripwire CCM’s agentless ease-of-management lowers cost of compliance for enterprise regulatory audits and minimizes risk while increasing uptime by ensuring that systems also remain configured in compliance with organizational policies.

Features and Benefits

Asset Discovery: Quickly find all assets within your environment, create and maintain a hardware and software inventory. Most organizations find at least 10–15% more assets than they realized were present in their environment.

Configuration Compliance Audit: Easily assess network infrastructure devices, desktops and servers for audit compliance, with visualized and actionable color-coded prioritization.

File and System Integrity Monitoring: Most compliance standards require some type of file and system integrity monitoring for assets “in-scope.” Tripwire CCM’s monitoring is on-demand or scheduled, and provides change deltas from prior assessment, giving trends and insight as to how the environment is maintaining compliance.

Patch Compliance Audit: Know if your critical systems have the latest security patches applied and fulfill many compliance requirements to keep systems current, patched and hardened against possible cybersecurity threats.

Audit-Ready Reporting and Dashboards: Different audiences within the organization need different views of compliance, trends and audit data; Compliance, IT Security, IT Operations, and executives all have specific information needs that can be flexibly and visually presented based on roles.

Continuous Compliance: Overall these capabilities combine to help enterprises achieve continuous compliance rather than a highly variable status as they prepare for “point-in-time” compliance, and have been shown to reduce compliance and audit readiness costs by 25–40%.

SCAP Scans

With Tripwire CCM you can easily view Security Content Automation Protocol (SCAP) scan results all in one place, produce a compliance report and confidently assure our agentless technology leaves zero trace on the systems scanned, demonstrating SCAP compliance and report results for a Continuous Diagnostics and Mitigation (CDM) program.

Supported Platforms

»» RHEL 4–7
»» SUSE 9.3–11
»» Solaris 7–11
»» VMware ESX Server 3.0–5.x
»» VMware ESXi 3.5–5.x
»» Fedora 7–14
»» IBM AIX 4.3–6
»» IBM i5 OS
»» HP-UX 10.20–11
»» Debian
»» Cisco IOS 11–15
»» Cisco ASA
»» Cisco PIX
»» Check Point Firewall
»» Juniper Network Infrastructure
»» Windows XP, 8
»» Windows Server 2000–2012
»» Microsoft Active Directory
»» Microsoft SQL Server 2000–2012
»» Oracle 9i–12c
»» Apache 2
»» Microsoft IIS 6–7.5
»» Microsoft Office 2007
»» Symantec AntiVirus
»» Trend Micro AntiVirus
»» McAfee Virus Scan
»» PatchLink Update Agent
»» Microsoft Exchange Server 2007
»» MySQL 4.1–5.1
»» DB2

