Secure configuration management system
Abstract
According to some embodiments, a configuration benchmark data store may include a plurality of secure configuration benchmarks. A back-end configuration management computer server may retrieve one of the secure configuration benchmarks and provision, by an orchestration engine, an initial operating system build in accordance with the retrieved secure configuration benchmark and an automation template. The back-end configuration management computer server may then apply, by a provisioning tool, enterprise-specific modifications to the initial operating system build to create an environment compliant with an enterprise standard benchmark. The back-end configuration management computer server may validate the enterprise standard benchmark via secure configuration and vulnerability checks, apply at least one configuration update to the enterprise standard benchmark to create a service instance, and then apply application code to the service instance.
Claims (14 claims; 40 citations)
1. A system to manage a secure configuration management strategy for an enterprise via an automated back-end configuration management computer server, comprising:
(a) a configuration benchmark data store including a plurality of secure configuration benchmarks;
(b) a communication interface to facilitate an exchange of electronic messages, including messages exchanged via a distributed communication network, supporting interactive user interface displays at remote user devices; and
(c) the back-end configuration management computer server, coupled to the configuration benchmark data store and the communication interface, programmed to:
(i) retrieve one of the secure configuration benchmarks,
(ii) provision, by an orchestration engine, an initial operating system software build in accordance with the retrieved secure configuration benchmark and an automation template,
(iii) apply, by a provisioning tool, enterprise-specific modifications to the initial operating system software build to create an environment compliant with an enterprise standard benchmark,
(iv) validate the enterprise standard benchmark via secure configuration and vulnerability checks,
(v) apply at least one configuration update to the enterprise standard benchmark to create a software service instance,
(vi) apply application code to the software service instance,
(vii) label the software service instance with a build name according to a naming convention that includes an application build identifier, a version, current-as-of date information, a security modification identifier, a benchmark version, and a benchmark source,
(viii) execute a reboot and refresh process, and
(ix) execute a risk rank process to prioritize software remediation efforts by the enterprise based on said build name;
wherein the retrieved secure configuration benchmark is associated with at least one of: a National Institute of Standards and Technology checklist, and a Department of Defense Security Technical Implementation Guide.
(Dependent claims 2, 3, 4, 5 and 6 depend from claim 1.)
7. A computerized method to manage a secure configuration management strategy for an enterprise via an automated back-end configuration management computer server, comprising:
retrieving, by the back-end configuration management computer server from a configuration benchmark data store including a plurality of secure configuration benchmarks, one of the secure configuration benchmarks;
provisioning, by an orchestration engine, an initial operating system software build in accordance with the retrieved secure configuration benchmark and an automation template;
applying, by a provisioning tool, enterprise-specific modifications to the initial operating system software build to create an environment compliant with an enterprise standard benchmark;
validating the enterprise standard benchmark via secure configuration and vulnerability checks;
applying at least one configuration update to the enterprise standard benchmark to create a software service instance;
applying application code to the software service instance;
labeling the software service instance with a build name according to a naming convention that includes an application build identifier, a version, current-as-of date information, a security modification identifier, a benchmark version, and a benchmark source;
executing a reboot and refresh process; and
executing a risk rank process to prioritize software remediation efforts by the enterprise based on said build name;
wherein the retrieved secure configuration benchmark is associated with at least one of: a National Institute of Standards and Technology checklist, and a Department of Defense Security Technical Implementation Guide.
(Dependent claims 8, 9, 10 and 11 depend from claim 7.)
12. A non-transitory, computer-readable medium storing program code, the program code executable by a computer processor of an automated back-end configuration management computer server to cause the computer processor to perform a method to manage a secure configuration management strategy for an enterprise, comprising:
retrieving, by the back-end configuration management computer server from a configuration benchmark data store including a plurality of secure configuration benchmarks, one of the secure configuration benchmarks;
provisioning, by an orchestration engine, an initial operating system software build in accordance with the retrieved secure configuration benchmark and an automation template;
applying, by a provisioning tool, enterprise-specific modifications to the initial operating system software build to create an environment compliant with an enterprise standard benchmark;
validating the enterprise standard benchmark via secure configuration and vulnerability checks;
applying at least one configuration update to the enterprise standard benchmark to create a software service instance;
applying application code to the software service instance;
labeling the software service instance with a build name according to a naming convention that includes an application build identifier, a version, current-as-of date information, a security modification identifier, a benchmark version, and a benchmark source;
executing a reboot and refresh process; and
executing a risk rank process to prioritize software remediation efforts by the enterprise based on said build name;
wherein the retrieved secure configuration benchmark is associated with at least one of: a National Institute of Standards and Technology checklist, and a Department of Defense Security Technical Implementation Guide.
(Dependent claims 13 and 14 depend from claim 12.)
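The labelling step and the risk-rank step are the parts of the claimed pipeline that can be shown concretely: the build name carries the six fields the claims list (application build identifier, version, current-as-of date, security modification identifier, benchmark version, benchmark source), and the risk rank orders instances for remediation from those fields alone. The Python below is an added example, not code from the patent or its assignee. The claims do not specify a label format, so the underscore-delimited layout, the two source codes (NIST, STIG), the "none" sentinel for a build with no security modification, and the additive scoring weights are all assumptions made for this example; the sample labels and the "latest benchmark version" table are constructed.

```python
"""Build-name labelling and risk ranking for hardened service instances.

Added illustration, not code from the patent. The label layout, source
codes, "none" sentinel and scoring weights are assumptions for this example.
"""
from dataclasses import dataclass
from datetime import date

# Assumed: benchmark source is encoded as one of these two codes.
BENCHMARK_SOURCES = {"NIST": "NIST checklist", "STIG": "DoD STIG"}
SEP = "_"  # assumed field delimiter


@dataclass(frozen=True)
class BuildName:
    app_build_id: str       # application build identifier
    version: str            # application version
    current_as_of: date     # "current as of" date
    security_mod_id: str    # security modification identifier, "none" if unmodified (assumed sentinel)
    benchmark_version: str  # version of the benchmark the build was hardened against
    benchmark_source: str   # "NIST" or "STIG"


def format_build_name(b: BuildName) -> str:
    """Serialise under the assumed layout <app>_<version>_<YYYYMMDD>_<secmod>_<benchver>_<source>."""
    if b.benchmark_source not in BENCHMARK_SOURCES:
        raise ValueError(f"unknown benchmark source {b.benchmark_source!r}")
    for field in (b.app_build_id, b.version, b.security_mod_id, b.benchmark_version):
        if not field or SEP in field:
            raise ValueError(f"field {field!r} is empty or contains {SEP!r}")
    return SEP.join([b.app_build_id, b.version, b.current_as_of.strftime("%Y%m%d"),
                     b.security_mod_id, b.benchmark_version, b.benchmark_source])


def parse_build_name(name: str) -> BuildName:
    """Inverse of format_build_name. Malformed labels are rejected rather than
    guessed at, because a mislabelled instance would be mis-ranked."""
    parts = name.split(SEP)
    if len(parts) != 6:
        raise ValueError(f"expected 6 fields, got {len(parts)}: {name!r}")
    app, ver, ymd, secmod, bench_ver, source = parts
    if source not in BENCHMARK_SOURCES:
        raise ValueError(f"unknown benchmark source {source!r}")
    if len(ymd) != 8 or not ymd.isdigit():
        raise ValueError(f"date field must be YYYYMMDD, got {ymd!r}")
    as_of = date(int(ymd[:4]), int(ymd[4:6]), int(ymd[6:]))  # raises on an impossible date
    return BuildName(app, ver, as_of, secmod, bench_ver, source)


def _version_tuple(v: str) -> tuple:
    """Dotted version string to a comparable tuple (numeric parts compare numerically)."""
    return tuple(int(p) if p.isdigit() else p for p in v.split("."))


def risk_score(b: BuildName, today: date, latest_benchmark: dict) -> int:
    """Higher means remediate sooner. Weights are assumptions for this example:
    staleness of the current-as-of date, a superseded benchmark version, and
    absence of any security modification each add to the score."""
    score = 0
    months_stale = (today - b.current_as_of).days // 30
    score += min(months_stale, 12) * 10            # 10 points per month, capped at a year
    latest = latest_benchmark.get(b.benchmark_source)
    if latest and _version_tuple(b.benchmark_version) < _version_tuple(latest):
        score += 40                                # hardened against an old benchmark
    if b.security_mod_id == "none":
        score += 25                                # no enterprise security modification applied
    return score


def risk_rank(labels, today: date, latest_benchmark: dict):
    """Return (ranked, invalid): ranked is a list of (label, score) with the highest
    risk first; invalid holds (label, reason) for labels that could not be parsed,
    so they are surfaced for triage instead of silently dropped."""
    ranked, invalid = [], []
    for label in labels:
        try:
            ranked.append((label, risk_score(parse_build_name(label), today, latest_benchmark)))
        except ValueError as exc:
            invalid.append((label, str(exc)))
    ranked.sort(key=lambda pair: pair[1], reverse=True)
    return ranked, invalid


# Constructed sample data for this example.
SAMPLE_LABELS = [
    "payments-api_2.4.1_20240105_SM-017_1.12.0_STIG",
    "payments-api_2.3.0_20230702_none_1.10.0_STIG",
    "hr-portal_5.0.2_20240301_SM-009_2.0.0_NIST",
    "hr-portal_5.0.2_20240301_SM-009_2.0.0_CIS",   # unknown source code: rejected
]
LATEST_BENCHMARK = {"STIG": "1.12.0", "NIST": "2.0.0"}  # assumed current benchmark versions
TODAY = date(2024, 4, 1)

if __name__ == "__main__":
    ranked, invalid = risk_rank(SAMPLE_LABELS, TODAY, LATEST_BENCHMARK)
    for label, score in ranked:
        print(f"{score:4d}  {label}")
    for label, reason in invalid:
        print(f"INVALID {label}: {reason}")
```

With the constructed data the stale, unmodified instance hardened against a superseded STIG version ranks first, the current instances follow, and the label with the unrecognised source is reported separately rather than scored. In a real deployment the "latest benchmark" table would come from the configuration benchmark data store and the weights from the enterprise's own risk policy.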