An ASP-based suite of offerings, TraceSecurity Compliance Manager provides a platform offering vulnerability scanning, alerting, and policy management tools primarily for security/compliance officers. The vendor bills the product as providing the ability to gauge the organization's posture in regard to regulatory compliance standards.

Multiple tools are included within the TraceSecurity Compliance Manager suite, including:

- TraceAssess, which automatically discovers assets and scans them for potential vulnerabilities. The scanners leverage an automatically updated vulnerability database for the identification of known vulnerabilities within the corporate infrastructure, and can be stopped/started as needed by the administrators. Listed features include integration with TraceAlert (see below), the ability to group devices logically, the ability to assign remediation responsibility (and report who is responsible for vulnerabilities on assets), and the ability to report on past remediations.

- TraceAlert, a real-time patch and vulnerability notification service. The vendor's own engineers feed the alerting engine with discovered vulnerabilities, and the engine then alerts the appropriate personnel within the customer's organization (multi-user notification is supported). Customers can choose which technologies to generate alerts for.

- TracePolicy, a documentation manager enabling you to manage who has/has not seen and reviewed corporate policies or memos. Features include automated notifications of newly posted documents and auditing for both the review and acceptance of the documents by individuals.

- TraceComply, a Web-accessed, user survey-based tool that measures an organization's compliance status across several regulations (GLBA, SOX, HIPAA, etc.) as well as provides automatically updated information defining and describing those regulations. User defined notes are also supported for each regulation.

- TraceMonitor, which provides the ability to monitor designated files/Web sites for content changes and alert designated individuals when changes are discovered.

Other tools listed as available as a part of Compliance Manager include TraceAssure, a browser-toolbar based means to identify malicious sites and allow users to authenticate to sites; TraceTrain for education tracking; and the Management Dashboard.

New features in the latest release include:

- TracePolicy enhancements, including automatic policy creation based on regulations/best practice, policy change management and maintenance, and LDAP support

- Compliance support for initiatives including "Red Flag" ID theft rules, NERC CIP, and NIST controls

- The ability to create patch alerts for needed network patches

TraceSecurity Compliance Manager is available now. Contact the vendor for further information.