HCL Software is committed to delivering secure products to our customers. In support of this commitment, we have long utilized an Information Security Management System (ISMS) to drive consistency in approach across all of our products and services, per the ISO/IEC 27001 standard. For more information about HCL Software certifications and the ISMS, visit https://www.hcltechsw.com/legal/compliance. 

In our development processesall production software and content releases undergo the secure final mile process prior to release which includes PenTest+ penetration testing, static and dynamic scans, open source scans and 3rd Party Vendor Ethical hacking to ensure the security and integrity of the BigFix product. 

We are committed to delivering products which meet the stringent U.S. Federal government standards for secure supply chainHCL Software has a U.S. Federal Government approved Product Integrity Policy. The policy is enforced by HCL’s U.S. Federal Government approved security officer, and U.S. Federal government approved 3rd party monitor.  

 BigFix is compliant with: 

  • Common Criteria – is an international standard for computer security certification. It is used as the basis for a government-driven certification scheme. Evaluations are typically completed for the use of Federal Government agencies and critical infrastructure.  
  • ISO 20243 – a framework to address the problem of maliciously tainted and counterfeit products. It is a set of guidelines, requirements, and recommendations that address specific threats to the integrity of hardware and software products throughout the product life cycle. For more information, refer to FAQ #6 about our supply chain: https://www.hcltechsw.com/about/faqs . 

We remain vigilant in maintaining security of our software, data and systems, and complying with important international and national security standards.  We do this to protect our company as well as our customer’s businesses. 

For more information 

To learn more about BigFix, visit www.BigFix.com or contact your HCL Software Specialist. For further information about how BigFix can be used to find and mitigate this threat, contact your BigFix Technical Advisor. 

 

 

 

Comment wrap
Further Reading
article-img
Automation | August 4, 2022
Vulnerability Management is more than checking a box
Softchoice and BigFix, collaborated to produce an informative webinar emphasizing that vulnerability management and continuous compliance are no longer nice to have but a minimum standard of operation.
article-img
Automation | July 13, 2022
Linux vulnerability CVE-2021-4034 is actively being exploited. Remediate now using BigFix.
CISA strongly recommended all US Organizations from the public and private sectors prioritize the remediation of the vulnerabilities listed in its KEV (Known Exploited Vulnerabilities) catalog, including the PwnKit. The BigFix console offers the functionalities required to immediately identify all the PwnKit vulnerable endpoints and deploy the update to resolve the vulnerability.
Close
Filters result by
Sort:
|