HCL Software is committed to delivering secure products to our customers. In support of this commitment, we have long utilized an Information Security Management System (ISMS) to drive consistency in approach across all of our products and services, per the ISO/IEC 27001 standard. For more information about HCL Software certifications and the ISMS, visit https://www.hcltechsw.com/legal/compliance.
In our development processes, all production software and content releases undergo the secure final mile process prior to release which includes PenTest+ penetration testing, static and dynamic scans, open source scans and 3rd Party Vendor Ethical hacking to ensure the security and integrity of the BigFix product.
We are committed to delivering products which meet the stringent U.S. Federal government standards for a secure supply chain. HCL Software has a U.S. Federal Government approved Product Integrity Policy. The policy is enforced by HCL’s U.S. Federal Government approved security officer, and U.S. Federal government approved 3rd party monitor.
BigFix is compliant with:
- Common Criteria – is an international standard for computer security certification. It is used as the basis for a government-driven certification scheme. Evaluations are typically completed for the use of Federal Government agencies and critical infrastructure.
- ISO 20243 – a framework to address the problem of maliciously tainted and counterfeit products. It is a set of guidelines, requirements, and recommendations that address specific threats to the integrity of hardware and software products throughout the product life cycle. For more information, refer to FAQ #6 about our supply chain: https://www.hcltechsw.com/about/faqs .
We remain vigilant in maintaining security of our software, data and systems, and complying with important international and national security standards. We do this to protect our company as well as our customer’s businesses.
For more information
To learn more about BigFix, visit www.BigFix.com or contact your HCL Software Specialist. For further information about how BigFix can be used to find and mitigate this threat, contact your BigFix Technical Advisor.