afba19ea-41d7-4fee-b372-7048e2b6fc60.xlsx
USER INSTRUCTIONS
NOTE: This Instructions tab includes instructions for both IT managers and IT professionals.
IT Manager Instructions
1. Open the IT Compliance Management Guide.docx file. Review the guide to familiarize yourself with a Microsoft Operations Framework (MOF) approach to GRC management. This guide will prepare you for a conversation with GRC subject matter experts such as attorneys, auditors, specialists, and consultants working for your organization.
2. Meet with your GRC subject matter expert (attorney, auditor, specialist, or consultant) to determine what specific GRC authority documents apply to your organization. Then determine what types of controls and control objectives are required within IT.
3. Review the GRC Management Inventory tab in this workbook to better understand how Microsoft-specific products can help you manage GRC efforts in your organization.
4. Review the GRC Control Objectives tab in this workbook to determine which responsibilities apply to IT services and staff according to all MOF Service Management Functions (SMFs).
5. Instruct the IT professional on your staff to configure the organization's deployed Microsoft products according to recommended guidance found on the GRC Configuration Job Aids tab of this workbook.
IT Professional Instructions
1. Open the IT Compliance Management Guide.docx file. Review the document to familiarize yourself with a Microsoft Operations Framework (MOF) approach to GRC management.
2. Consult the GRC Configuration Job Aids tab of this workbook to learn how to configure Microsoft products in ways that address the specified control objectives for each product as required by your organization.
3. Follow the MOF Change and Configuration Service Management Function (SMF) or equivalent change control policy that observes proper planning, risk analysis, change windows, configuration backup, restoration procedures, and documentation requirements for each proposed change.
4. Work with IT management to instill MOF SMFs into your organization to ensure proper maintenance of your newly configured IT GRC solution.
Columns G through N (authority documents): SOX, GLBA, EUDPD, PCIDSS, ISO 27002, COBIT, GAPP, HIPAA

MOF Phase: Manage
MOF Service Management Function: GRC
IO Category: Application Platform
IO Capabilities: Service-Oriented Architecture and Business Process Management
GRC Control Objectives:
Manage GRC compliance within IT. Use technologies to implement controls and enforce policy. Consolidate effective controls to simplify the organization's GRC solution.
GRC Focus:
How does your organization monitor and report on its IT service state and product conformity with GRC requirements and controls? GRC authority documents require monitoring of IT services and products to address GRC requirements. Without monitoring, security incidents, product malfunctions, and service availability could go unnoticed by IT. Consult the GRC Service Management Function (SMF) for recommended methods of implementing a GRC management function in IT. The GRC SMF includes guidance on IT governance, assessment and monitoring, risk control, and compliance with GRC directives. Then consult the GRC Management Inventory tab for recommended product guidance to help IT monitor deployed products and services.
Authority document marks: X X X X X X X X
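
MOF Phase: Manage
MOF Service Management Function: Change and Configuration Management
IO Category: Core
IO Capabilities: Desktop, Server, and Device Management
GRC Control Objectives:
Manage GRC changes by service and product.
GRC Focus: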
How does your organization's IT department manage IT service and product configuration and change? GRC authority documents require that IT service and product configurations are approved and maintained. Any changes to IT services and products must be conducted according to written change management policies and procedures. Consult the Change and Configuration Management SMF for guidance on how to manage change and configuration. Then consult the GRC Management Inventory tab for guidance on how products might be configured and operated to help IT manage configuration and change.
Authority document marks: X X X X X X
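
MOF Phase: Manage
MOF Service Management Function: Team
IO Category: Application Platform
IO Capabilities: Service-Oriented Architecture and Business Process Management
GRC Control Objectives:
Assign GRC roles within IT. Build awareness of GRC requirements through policy and planning documentation.
GRC Focus: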
How does your organization's IT department segregate responsibilities in accordance with GRC authority documents? How does your organization train administrators and users about GRC requirements and keep them aware of corresponding controls? GRC authority documents require GRC roles to be assigned to IT staff to establish position accountability. During role assignment, IT must ensure that one staff member cannot bypass a control while conducting actions against IT services, products, or data. If a technical control cannot be used to ensure this requirement, the organization may choose to separate or segregate duties to ensure the requirement is met. Consult the Team SMF to better understand how to assign, train, and maintain an IT team that is responsible for managing GRC requirements. Then refer to the GRC Management Inventory tab to determine how roles might be assigned to deployed products to enable segregation of duties.
Authority document marks: X X X X X X X X
Worksheet: GRC Control Objectives

MOF Phase: Plan
MOF Service Management Function: Business/IT Alignment
IO Category: Application Platform
IO Capabilities: Service-Oriented Architecture and Business Process Management
GRC Control Objectives:
Ensure that the organization's governance, risk, and compliance (GRC) subject matter expert reviews all applicable GRC authority documents, and that GRC requirements are met through documented controls within the organization. Ensure that these requirements and controls are communicated to IT.
GRC Focus:
How does your organization identify applicable GRC authority documents, what are the expectations of the organization for these documents, and how are such documents translated into effective controls in the organization's IT department? GRC authority documents might apply to the organization by federal mandate, industry self-regulation, client/vendor contracts, and other external influences. The organization must ensure that all GRC authority documents that apply to the organization are reviewed by a subject matter expert, and that an auditable level of compliance is achieved through the instantiation of effective controls. Controls might take the form of policy, business rules, or technical functions, and range from preventative to compensating in nature. GRC authority documents almost always require written organizational policies and agreements that document GRC requirements and associated controls. Policies describe the expected and prohibited actions of the business, its partners, and vendors. Agreements typically contain the acceptance and terms of applicable controls to the signing authorities. The organization can address the existence of newly applicable GRC authority documents during the MOF Plan phase and while instituting the Business/IT Alignment SMF. Reference this SMF to determine the best course of action for your organization. Consult the organization's executive management, legal counsel, auditors, and regulators to gather relevant regulatory standards, contractual agreements, and policy resources that contain applicable requirements for IT environments, services, systems, networks, and data. Then consolidate the requirements into a single documented resource that the organization's IT department can use to plan, deliver, operate, and manage regulatory compliance control solutions. When the organization achieves these compliance goals, it becomes more efficient by reducing duplicate controls, more secure by establishing controls that are relevant to proven business risks, and more cost effective by minimizing security, service failures, or miscommunication incidents. Use the Business/IT
Authority document marks: X X X X X X X X

MOF Phase: Plan
MOF Service Management Function: Reliability
IO Category: Core
IO Capabilities: All Capabilities
GRC Control Objectives:
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization. Ensure that availability of services and sensitive data includes controls addressing identity, authentication, authorization and access management. Ensure IT service continuity and capacity. Ensure that assets and data are recoverable if original asset or data loss occurs.
GRC Focus:
How does your organization maintain service continuity and capacity? How does your organization classify, handle, retain and destroy sensitive information (data)? How does your organization notify affected parties regarding use of their sensitive data? GRC authority documents usually require sufficient controls to ensure that an acceptable level of data security is maintained throughout the data life cycle. From the receiving or creation of data to its final destruction, the organization must establish controls to limit access to authorized parties and functions. Access control includes those technologies used to manage user identities, authorization technologies (such as Active Directory), and password management policies through the use of Group Policy objects (GPOs). If the organization maintains sensitive data for citizens of Europe, the United States, Australia, Japan, and a growing number of countries that are addressing concerns through data privacy legislation, it is likely that the organization is subject to one or multiple privacy-related GRC authority documents. Although privacy laws differ by country, the organization's privacy policy must still contain common criteria of data management, notification of use, customer opt-out, and a documented method to resolve data disputes with customers. GRC authority documents require a level of encryption (and key management) for sensitive data. The organization must deploy technologies to allow encryption when data is at rest and in transit. For data that transits a network, network security must be tested and validated as properly configured according to the organization's policy. If a legal authority demands that specific data be retained, data retention orders must
Authority document marks: X X X X X X X X

MOF Phase: Plan
MOF Service Management Function: Policy
IO Category: Application Platform
IO Capabilities: Service-Oriented Architecture and Business Process Management
GRC Control Objectives:
Ensure that the organization's internal and external IT Service and Use policies meet GRC requirements.
GRC Focus:
How does your organization manage policy? GRC authority documents require organizations to manage the expected behavior and actions of their people and technologies. The written expectations usually take the form of policy, and carry the authority of management to enforce these expectations. Policy content will range from user actions and vendor relationships to specific technical functionality and limits on data use. This content applies to people, business processes, and technology, and might extend to the organization's relationships with partners, vendors, and even clients. Whenever possible, the effort to enforce policy should be automated through deployed technologies and products. This approach enables automated records to track enforcement. Consult the Policy SMF, then refer to the GRC Management Inventory tab to determine what product guidance the organization can implement to meet these requirements.
Authority document marks: X X X X X X X X

MOF Phase: Plan
MOF Service Management Function: Financial Management
IO Category: Application Platform
IO Capabilities: Service-Oriented Architecture and Business Process Management
GRC Control Objectives:
Ensure that IT services are properly funded to meet GRC requirements, and that existing investments are used to their maximum potential.
GRC Focus:
Is your organization prepared to fund the necessary changes to IT services that will support GRC requirements? What deployed products can the organization configure to address GRC requirements without additional cost? It might be necessary to purchase products and solutions to meet GRC requirements within IT. The organization's IT department must ensure that budget is secured for these purchases to comprehensively address these requirements. It is likely that your organization already owns Microsoft products with functionality that addresses many GRC requirements. To optimize these products in the organization to meet these requirements, the IT department must configure them. Take advantage of the freely provided configuration guidance located in the GRC Configuration Job Aids and GRC Management Inventory tabs. Your organization can immediately deploy recommended configuration and operations guidance using MOF SMFs. Consult the GRC Configuration Job Aids tab to determine your next course of action.
Authority document marks: X

MOF Phase: Deliver
MOF Service Management Function: Envision
IO Category: Application Platform
IO Capabilities: Service-Oriented Architecture and Business Process Management
GRC Control Objectives:
Define and assign GRC requirements to IT products and services administrative staff, then conduct a GRC-focused risk assessment by IT service and product.
GRC Focus:
Which IT staff members will be responsible for aligning products and services to the organization's GRC requirements? How does your organization identify IT product and service gaps to conform with GRC requirements? GRC authority documents require GRC responsibilities to be assigned to staff that controls IT products and services. These positions are responsible to identify gaps in conformity to GRC requirements, and to manage GRC requirements in IT products and services. These positions identify gaps through GRC-focused risk assessments. Consult the Envision SMF to determine how best to manage the assignment of duties. Once duties are assigned to IT staff, conduct a project whereby each IT staff member assigned GRC responsibilities reviews all available configuration and operation guidance within the GRC Management Inventory tab for assigned products and services. Ensure that the risk assessment project delivers a report that details the gap between present and potential configuration and operation states if all available guidance were implemented.
Authority document marks: X X X X X X X

MOF Phase: Deliver
MOF Service Management Function: Project Planning
IO Category: Application Platform
IO Capabilities: Service-Oriented Architecture and Business Process Management
GRC Control Objectives:
Prepare an IT GRC Plan for each IT service and product.
GRC Focus:
How does your organization's IT department conduct GRC-required changes to IT products and services? GRC authority documents require specific technical functions and other controls to ensure compliance with GRC requirements. These configuration and operational changes must be carried out in a controlled manner, or the changes might introduce more problems than they solve. Plan each product and service change so that business impact is minimized whenever possible. Functional specifications should incorporate GRC requirements. Each solution design should meet the functional specification while minimizing the burden to the organization by taking advantage of existing deployed products. Develop work plans to follow the recommendations of SMFs during the MOF Deliver phase. IT product and service risk assessments conducted through the Envision SMF will provide guidance on how to configure existing products and technologies, thereby reducing cost to the organization. Schedule changes that incorporate the priority of closing a gap to meet GRC requirements. Consult the Project Planning SMF for specific guidance on project planning. Incorporate the recommended product configuration and operation guidance found in the GRC Configuration Job Aids and GRC Management Inventory tabs into these plans.
Authority document marks: X X X X X X X

MOF Phase: Deliver
MOF Service Management Function: Build
IO Category: Core
IO Capabilities: Desktop, Server, and Device Management
GRC Control Objectives:
Deploy GRC required changes by product according to a Scope Complete Milestone.
GRC Focus:
How does your organization's IT department release a newly configured IT product or service? GRC authority documents require any new service or product that affects the organization's conformity with GRC requirements to be adequately planned, tested, and deployed. Consult the Build SMF for guidance that relates to the build process.
Authority document marks: X X X X X X X
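
MOF Phase: Deliver
MOF Service Management Function: Stabilize
IO Category: Core
IO Capabilities: Desktop, Server, and Device Management
GRC Control Objectives:
Validate GRC implementation in changed products.
GRC Focus: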
How does your organization's IT department validate GRC requirements are addressed in IT products and services? Configuration of deployed products must be tested to ensure that the configured functionality addresses the organization's GRC requirements. Conduct these tests, or audits, immediately after each IT service or product configuration change. Audit activities might include validating that programs only accept passwords that conform with specific rules, or that specific ports are closed. The focus of the audit depends on the GRC requirements that are being validated.
Authority document marks: X X X X X X X
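
MOF Phase: Deliver
MOF Service Management Function: Deploy
IO Category: Application Platform
IO Capabilities: User Experience
GRC Control Objectives:
Issue GRC responsibilities to operations staff and end-users.
GRC Focus: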
After the organization's IT products and services are configured to address GRC requirements, how are GRC duties communicated and assigned to operations staff and users? GRC authority documents require configuring IT products and services to address GRC requirements, and to then operate them to maintain conformity to such requirements. This requirement usually means that the responsibility of conforming with GRC requirements extends to the staff and users who maintain and use these products and services. Consult the Operations SMF for a better understanding of how to manage the assignment of operational requirements to staff. Then refer to guidance on the GRC Inventory tab.
Authority document marks: X X X X X X X X

MOF Phase: Operate
MOF Service Management Function: Operations
IO Category: Application Platform
IO Capabilities: Service-Oriented Architecture and Business Process Management
GRC Control Objectives:
Manage operations for GRC requirements through documented procedures and actions.
GRC Focus:
How does your organization's IT department document and communicate authorized procedures and actions? GRC authority documents require that procedures and actions affected by GRC requirements be documented, approved, and auditable in the organization. This requirement is likely the most difficult requirement for organizations because of the constantly changing and dynamic nature of IT department activities. Consult the Operations SMF for guidance on documenting procedures and actions. Then refer to the guidance on the GRC Management Inventory tab to learn about recommended practices for managing the operation of your organization's deployed products.
Authority document marks: X X X X X X X X
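
MOF Phase: Operate
MOF Service Management Function: Service Monitoring
IO Category: Core
IO Capabilities: Desktop, Server, and Device Management
GRC Control Objectives:
Monitor GRC compliance in IT services and products.
GRC Focus: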
How does your organization's IT department monitor compliance with GRC requirements and controls? GRC authority documents require that the inventory and assets of the organization be documented, configured, deployed, and managed according to defined procedures. Without a comprehensive and maintained list of inventory and assets, the configurations of unknown assets most likely do not conform with GRC requirements, and the organization cannot definitively state whether sensitive data is controlled. Assign IT staff the responsibility of creating and maintaining an inventory and asset list according to the issuance of GRC responsibilities. Create a service monitoring solution by first consulting the Service Monitoring SMF, and then searching the GRC Management Inventory tab for guidance on configuring products to meet monitoring requirements.
Authority document marks: X X X X X X X X
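
MOF Phase: Operate
MOF Service Management Function: Customer Service
IO Category: Application Platform
IO Capabilities: User Experience
GRC Control Objectives:
Manage GRC-related customer requests.
GRC Focus: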
How does your organization handle customer requests regarding the correctness of personal data and how it is used? Privacy focused GRC authority document requirements vary by location, but they typically contain common requirements about communicating with customers to notify them about data use and customers' ability to challenge the accuracy of data. Meet with your GRC subject matter expert to determine what IT technical controls may assist the organization in policy management, incident management, and the handling of customer requests. Review contents of the GRC Management Inventory tab and the GRC Configuration Job Aids tab with your GRC subject matter expert to determine what functions could support this need.
Authority document marks: X X X X

MOF Phase: Operate
MOF Service Management Function: Problem Management
IO Category: Application Platform
IO Capabilities: Service-Oriented Architecture and Business Process Management
GRC Control Objectives:
Manage GRC incidents and problems through an Incident Management System.
GRC Focus:
How does your organization's IT department manage service and security incidents and problems? GRC authority documents require that incidents and problems affecting compliance with GRC requirements be managed according to a documented incident management process. ISO 27002 specifically calls for an Information Security Management System, which receives incidents from the organization and outside sources that might impact infrastructure security and GRC efforts. Meet with your GRC subject matter expert to determine what IT technical controls may assist the organization in alert, monitoring and incident management. If your organization does not have an incident management system, consider using a combination of Exchange for communications, SharePoint for a knowledgebase repository and Microsoft Project for tracking of incidents requiring analysis and corrective actions.
Authority document marks: X X X X X X X X
Worksheet: GRC Configuration Job Aids

MOF SMF: Reliability SMF
Product: Communications Server
GRC Target Objective(s):
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective:
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This guide addresses: Common Security Threats, Office Communications Server Security Framework, Addressing Threats to Core Infrastructure, Addressing Threats to Internet Boundaries, Addressing Threats to On-Premise Conferencing, Addressing Threats to Enterprise Voice, and Addressing Threats to the Office Communicator 2007 Client.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130285

MOF SMF: Service Monitoring SMF
Product: Communications Server
GRC Target Objective(s):
Monitor GRC Compliance within IT services and products.
GRC Perspective:
GRC authority documents address requirements to monitor faults, security breaches, service availability, and logs that affect the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available monitoring features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC monitoring requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides configuration procedures for monitoring, logging, tracing, and archiving security threats to Office Communications Server. Use this resource to configure Communications Server. The objective is to protect data from internal and external security threats.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=130882

MOF SMF: Reliability SMF
Product: Communications Server
GRC Target Objective(s):
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective:
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides configuration management policies to be followed according to best practices.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=130882

MOF SMF: Reliability SMF
Product: Communications Server
GRC Target Objective(s):
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective:
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. Use this resource to determine best practice and policy with regard to encryption. See section: Encryption.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=130882

MOF SMF: Reliability SMF
Product: Communications Server
GRC Target Objective(s):
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective:
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. Office Communications Server relies on Active Directory Domain Services for user and password provision and management. This resource describes how to implement or provides direction to an additional resource that provides configuration guidance. Reference the sections: Authentication, Authorization.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=130882

MOF SMF: Reliability SMF
Product: Communications Server
GRC Target Objective(s):
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective:
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This product can be configured to ensure controls that relate to authentication and authorization. Use this resource to ensure access limitations are established for specific personnel. Reference the sections: Authentication and Authorization.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=130882

MOF SMF: Service Monitoring SMF
Product: Communications Server
GRC Target Objective(s):
Monitor GRC Compliance within IT services and products.
GRC Perspective:
GRC authority documents address requirements to monitor faults, security breaches, service availability, and logs that affect the access, integrity, and state of the organization's deployed products and data. This document primarily addresses the available monitoring features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC monitoring requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This product can be configured to monitor, log, and archive to help determine whether an attack was attempted.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=130882

MOF SMF: Reliability SMF
Product: Exchange Server 2007
GRC Target Objective(s):
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective:
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. The requirements stipulated by the organization's policies and agreements will primarily affect the planning phase of an Exchange Server deployment. The following resource can be run against Exchange Server to assess conformity with Microsoft recommended configuration guidance.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131017
A 1 MOF SMF Reliability SMF Product Exchange Server 2007
B
C GRC Target Objective(s) Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
D E GRC Perspective Guidance Link GRC authority documents address requirements involving the confidentiality, integrity, and availability of data http://go.microsoft.com/fwlink/?LinkId=131017 within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource can be run against Exchange Server to assess conformity with Microsoft recommended configuration guidance.

10 | Reliability SMF | Exchange Server 2007
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This Security Guide for Exchange Server with Operations Management provides guidelines for configuring Exchange Server.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130299

11 | Problem Management SMF | Exchange Server 2007
Manage GRC incidents and problems through an Incident Management System.
GRC authority documents address requirements to manage incidents affecting the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available incident management enhancing features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC incident management requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This document provides Best Practices for Security Management to develop policy that will help ensure protection of the messaging environment and its various components.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130430

12 | Problem Management SMF | Exchange Server 2007
Manage GRC incidents and problems through an Incident Management System.
GRC authority documents address requirements to manage incidents affecting the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available incident management enhancing features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC incident management requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides guidance on monitoring and reporting to secure Windows for an Exchange network and properly configure monitoring and reporting.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130430

13
Reliability SMF | Exchange Server 2007
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource can be run against Exchange Server to assess conformity with Microsoft recommended configuration guidance.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131017

14 | Reliability SMF | Exchange Server 2007
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides guidance on the use of the Security Configuration Wizard to secure Windows for Exchange Server roles. Use this resource to properly configure server roles.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130299

15 | Reliability SMF | Exchange Server 2007
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. The following resource provides guidance on the use of certificates for authentication and encryption functions within Exchange Server.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130301

16 | Reliability SMF | Exchange Server 2007
Ensure that assets and data are recoverable if original asset or data loss occurs.
GRC authority documents address redundancy, backup, and recovery requirements of an organization's deployed products and data. This document primarily addresses prescribed backup configuration of the product. Guidance is provided to address GRC redundancy, backup, and recovery objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. The following resource provides guidance on configuring Exchange Server 2008 for backup and restoration functions. The objective is to ensure the integrity of data if an interruption of availability occurs. Before you back up or restore your Exchange 2000 data, you should download the latest hot fix from the Microsoft Exchange 2000 Server Web site at www.microsoft.com/exchange to get the most recent version of Windows 2000 Backup (NTBackup.exe).
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130310

17
Reliability SMF | Forefront
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides procedures for Microsoft Forefront Client Security. This resource addresses: Planning and Architecture, Deployment Operations, Troubleshooting, Security and Protection, and Technical Reference. Use this resource to configure the Forefront client.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130230

18 | Reliability SMF | Forefront
Ensure that assets and data are recoverable if original asset or data loss occurs.
GRC authority documents address redundancy, backup, and recovery requirements of an organization's deployed products and data. This document primarily addresses prescribed backup configuration of the product. Guidance is provided to address GRC redundancy, backup, and recovery objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides the Operations guide, which addresses: Administration, Disaster Recovery, Performance, and Scalability. Use this resource for best practice in Operational setup.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130428

19 | Reliability SMF | Forefront
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides procedures for Microsoft Forefront Client Security. See section: Security and Protection.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131051

20 | Reliability SMF | Forefront
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides procedures for Microsoft Forefront Client Security. See section: Introduction to Management Console. Use this resource to centrally manage Forefront Security software solutions on all servers in the organization.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130427

21
Reliability SMF | Forefront
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides procedures for Microsoft Forefront Client Security. See section: Introduction to Management Console. Use this resource to centrally manage Forefront Security software solutions on all servers in the organization.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131051

22 | Service Monitoring SMF | Forefront
Monitor GRC Compliance within IT services and products.
GRC authority documents address requirements to monitor faults, security breaches, service availability, and logs that affect the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available monitoring features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC monitoring requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource is the Security Console Management Guide. See section: Logging Controls. Use this resource to configure logging controls and reports to view activity on client computers.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130429

23 | Envision SMF | SCCM – System Center Configuration Manager
Define and assign GRC requirements to IT products and services administrative staff, then conduct a GRC-focused risk assessment by IT service and product.
GRC authority documents address requirements to plan effective service solutions, including the need to conduct GRC-focused risk assessments of IT services and products. This document primarily addresses the planning aspects of SCCM pertaining to product features and functionality. Guidance is provided to address GRC planning requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. The requirements stipulated by the organization's policies and agreements will primarily affect the planning phase of an SCCM deployment. Consult the following resource for SCCM Security and Privacy planning. This resource provides guidance on topics such as planning of ports, Web sites, accounts, security rights, privacy and permissions. The objective is to implement requirements that comply with organizational policies for SCCM deployment.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130345

24 | Service Monitoring SMF | SCCM – System Center Configuration Manager
Monitor GRC compliance in IT services and products.
GRC authority documents address requirements to monitor faults, security breaches, service availability, and logs that affect the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available monitoring features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC monitoring requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides guidance on the Asset Intelligence Configuration Manager 2007 feature. The resource provides detailed information about the concepts, planning, configuring, managing, security, and troubleshooting of Asset Intelligence. This functionality allows administrators to inventory and manage software in use throughout the Configuration Manager 2007 hierarchy.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130346

25
Service Monitoring SMF | SCCM – System Center Configuration Manager
Monitor GRC compliance in IT services and products.
GRC authority documents address requirements to monitor faults, security breaches, service availability, and logs that affect the access, integrity, and state of the organization's deployed products and data. This document primarily addresses the available monitoring features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC monitoring requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides an overview of how to monitor changes in Configuration Manager 2007, which allows administrators to inventory and manage software in use throughout the Configuration Manager 2007 hierarchy.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130341

26 | Reliability SMF | SCCM – System Center Configuration Manager
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides an overview of how to use Configuration Manager Cryptographic Controls to protect data on the network.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130344

27 | Reliability SMF | SCCM – System Center Configuration Manager
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides information about how Accounts and Groups in Configuration Manager use many accounts, groups, and SQL Server database roles to perform management functions on the site server, site systems, site database server, and client computers.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130343

28 | Reliability SMF | SCCM – System Center Configuration Manager
Ensure that assets and data are recoverable if original asset or data loss occurs.
GRC authority documents address redundancy, backup, and recovery requirements of an organization's deployed products and data. This document primarily addresses prescribed backup configuration of the product. Guidance is provided to address GRC redundancy, backup, and recovery objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides procedures on how to plan for backup and Recovery in Configuration Manager including Volume Shadow Copy Service, What Gets Backed Up, What Does Not Get Backed Up, and Maintenance Mode Support.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130340

29
Reliability SMF | SCCM – System Center Configuration Manager
Ensure that assets and data are recoverable if original asset or data loss occurs.
GRC authority documents address redundancy, backup, and recovery requirements of an organization's deployed products and data. This document primarily addresses prescribed backup configuration of the product. Guidance is provided to address GRC redundancy, backup, and recovery objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides procedures for how to back up Configuration Manager sites, including: Tasks for Backing Up, How to Back Up a Primary Site, How to Determine if a Site Backup is Successful, How to Archive the Backup Snapshot (AfterBackup.bat), How to Back Up a Secondary Site, and How to Troubleshoot Site Backup. Use this resource to properly configure backup to help ensure data recovery.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130342

30 | Service Monitoring SMF | SCOM – System Center Operations Manager
Monitor GRC compliance in IT services and products.
GRC authority documents address requirements to monitor faults, security breaches, service availability, and logs that affect the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available monitoring features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC monitoring requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides end-to-end monitoring procedures for an organization's IT environment.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131052

31 | Problem Management SMF | SCOM – System Center Operations Manager
Manage GRC incidents and problems through an Incident Management System.
GRC authority documents address requirements to manage incidents affecting the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available incident management enhancing features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC incident management requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource addresses Investigating Alerts, Using the Health Explorer, Using Tasks, Closing Alerts, Using Monitor Properties, Overriding a Monitor, Investigating Alert Storms, Finding Alert Storms, Modifying Monitors and Rules, About Suppressed Alerts, Resolving a Heartbeat Alert, How to Investigate Agent Heartbeat Issues, and How to Troubleshoot Agent Heartbeat Issues.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130383

32 | Reliability SMF | SCOM – System Center Operations Manager
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides an overview of how to configure Operations Manager for use. Use this resource to properly configure the console by completing these configuration tasks which include implementing user roles that determine what actions your Operations Manager users can perform and on which objects, as well as determining your users' console needs and configuring notifications.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130351

33
Reliability SMF | SCOM – System Center Operations Manager
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides procedures for configuring role-based security. Implement this configuration to help ensure that the user credentials supplied are members of a user role in Operations Manager.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130350

34 | Service Monitoring SMF | SCOM – System Center Operations Manager
Monitor GRC compliance in IT services and products.
GRC authority documents address requirements to monitor faults, security breaches, service availability, and logs that affect the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available monitoring features and functions within the product and how to configure and manage these features. Guidance is provided to address GRC monitoring requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides procedures for managing reporting in Operations Manager including Alerts, Availability, Health, and Performance. Use this resource to configure customized reports, enable timely reporting of all operational views, and assist in preventing unauthorized access.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131058

35 | Reliability SMF | SharePoint Server
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides a Compliance Process template for download. The Compliance Process Support Site application template for Microsoft Windows SharePoint Services 3.0 helps both teams and executive sponsors to manage compliance implementation endeavors.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130544

36 | Reliability SMF | SharePoint Server
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides operations guidance for Windows SharePoint Services, including Administering Security Credentials and Permissions, Protecting and Restoring the Farm, Administering Servers and Server Farms, Migrating Servers and Farms, as well as a Central Administration Help portal.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=131059

37
Reliability SMF | SharePoint Server
Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This security guide provides guidance on establishing authentication methods. See section: Plan Authentication Methods.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130416

38
MOF SMF: Reliability SMF
Product: SharePoint Server
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This security guide provides guidance on establishing permission controls. See sections: Choose Administrators and Owners for the Administration Hierarchy and Determine Permission Levels and Groups to Use.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130416

39
MOF SMF: Reliability SMF
Product: SharePoint Server
GRC Target Objective(s): Ensure that assets and data are recoverable if original asset or data loss occurs.
GRC Perspective: GRC authority documents address redundancy, backup, and recovery requirements of an organization's deployed products and data. This document primarily addresses prescribed backup configuration of the product. Guidance is provided to address GRC redundancy, backup, and recovery objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides guidance on protecting and restoring the farm. Use this resource to configure backup and restore procedures.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131060

40
MOF SMF: Reliability SMF
Product: SharePoint Server
GRC Target Objective(s): Ensure that assets and data are recoverable if original asset or data loss occurs.
GRC Perspective: GRC authority documents address redundancy, backup, and recovery requirements of an organization's deployed products and data. This document primarily addresses prescribed backup configuration of the product. Guidance is provided to address GRC redundancy, backup, and recovery objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides guidance on backing up and restoring a farm, including Preparation, Backup Using Built-in Tools, and Restoring a Farm Using Built-in Tools. Use this resource to configure backup and restore procedures. This resource will provide guidance on proper data recovery if an interruption occurs.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131061

41
MOF SMF: Build SMF
Product: SQL Server 2008
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides configuration and use guidance for SQL Server Management Studio.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131062

42
MOF SMF: Reliability SMF
Product: SQL Server 2008
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides configuration and use guidance for SQL Server Configuration Manager. Use this resource to start, pause, resume, or stop the services, to view service properties, or to change service properties.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131063

43
MOF SMF: Reliability SMF
Product: SQL Server 2008
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This white paper provides configuration procedures for SQL Server 2008 security. See sections: Authentication, Authorization, and User Schema.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130338

44
MOF SMF: Service Monitoring SMF
Product: SQL Server 2008
GRC Target Objective(s): Monitor GRC compliance in IT services and products.
GRC Perspective: GRC authority documents address requirements to monitor faults, security breaches, service availability, and logs that affect the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available monitoring features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC monitoring requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This white paper provides configuration procedures for SQL Server 2008 security. See section: Auditing in SQL. Use this resource to properly configure network monitoring of the database server and store it in a log.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130338

45
MOF SMF: Reliability SMF
Product: SQL Server 2008
GRC Target Objective(s): Ensure that assets and data are recoverable if original asset or data loss occurs.
GRC Perspective: GRC authority documents address redundancy, backup, and recovery requirements of an organization's deployed products and data. This document primarily addresses prescribed backup configuration of the product. Guidance is provided to address GRC redundancy, backup, and recovery objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides configuration procedures and guidance to schedule a database backup operation by using SQL Server Management Studio in SQL Server 2005. This resource will provide guidance on proper data recovery if an interruption occurs.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131064

46
MOF SMF: Reliability SMF
Product: Windows Server 2008 RMS
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This document discusses Windows security and compliance features such as Network Access Protection, Rights Management Services, and Active Directory Federation Services.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131065

47
MOF SMF: Service Monitoring SMF
Product: Windows Server 2008 RMS
GRC Target Objective(s): Monitor GRC compliance in IT services and products.
GRC Perspective: GRC authority documents address requirements to monitor faults, security breaches, service availability, and logs that affect the access, integrity, and state of an organization's deployed products and data. This document primarily addresses the available monitoring features and functions within the product, and how to configure and manage these features. Guidance is provided to address GRC monitoring requirements, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This document discusses why auditing is important and how to configure an audit policy for an updated Windows Server 2008 event subsystem.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=131065

48
MOF SMF: Reliability SMF
Product: Windows SharePoint Services
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides a roadmap of security content for Windows SharePoint Services. Use this resource to plan how SharePoint Services will be used with IT Services.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130417

49
MOF SMF: Reliability SMF
Product: Windows SharePoint Services
GRC Target Objective(s): Ensure that assets and data are recoverable if original asset or data loss occurs.
GRC Perspective: GRC authority documents address redundancy, backup, and recovery requirements of an organization's deployed products and data. This document primarily addresses prescribed backup configuration of the product. Guidance is provided to address GRC redundancy, backup, and recovery objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides guidance on permissions administration and backup functions for Windows SharePoint Services.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=131059

50
MOF SMF: Reliability SMF
Product: Windows SharePoint Services
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides security guidance for SharePoint Services. See section: Plan for secure communication within a server farm for procedures on ensuring that communications are in a secure environment.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130416

51
MOF SMF: Reliability SMF
Product: Windows SharePoint Services
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides security guidance for SharePoint Services. See section: Plan for authentication.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130417

52
MOF SMF: Reliability SMF
Product: Windows SharePoint Services
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides information on administering security credentials. It provides guidance on configuring SharePoint Services for user security.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130419

53
MOF SMF: Reliability SMF
Product: Windows SharePoint Services
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. This resource provides information about administering security credentials. It provides guidance on configuring SharePoint Services for user security.
Guidance Link: http://go.microsoft.com/fwlink/?LinkID=130417

54
MOF SMF: Reliability SMF
Product: Windows Vista
GRC Target Objective(s): Ensure the confidentiality, integrity, and availability of services and sensitive data controlled by the organization.
GRC Perspective: GRC authority documents address requirements involving the confidentiality, integrity, and availability of data within an organization's deployed products. This document primarily addresses threats to the product, and how to address these threats through prescribed configuration of the product. Guidance is provided to address GRC confidentiality, integrity, and availability objectives, but can also be used in other SMFs to facilitate plan, deliver, operate, and manage GRC requirements within the product. Review the linked guidance and determine with your organization's GRC subject matter expert how the provided configuration guidance can address your organization's GRC requirements. Windows Vista can be configured by local or organizational policy to enforce an identity management solution, require authorization for resource access, and require a complexity level for passwords that enable IT to enforce GRC requirements within the organization. Consult the following resource for guidance on Rights Management Services that require certain data types to be backed up to the network.
Guidance Link: http://go.microsoft.com/fwlink/?LinkId=74027
afba19ea-41d7-4fee-b372-7048e2b6fc60.xlsx A 1 Product or Solution 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 .NET Framework 2.0 .NET Framework 2.0 Asset Inventory Service Exchange Hosted Services Exchange Server 2007 Exchange Server 2007 Exchange Server 2007 Exchange Server 2007 Exchange Server 2007 Exchange Server 2007 Exchange Server 2007 Forefront Client Security Forefront security products Forefront security products Forefront security products Forefront security products Forefront Server Security GPOAccelerator GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance GRC Related General Guidance Identity Lifecycle Manager Intelligent Application Gateway (IAG) 2007 Intelligent Application Gateway (IAG) 2007 Internet Security and Acceleration (ISA) Server 2006 Internet Security and Acceleration (ISA) Server 2006 Malware Removal Starter Kit Microsoft Assessment and Planning Toolkit Microsoft Deployment Toolkit B C
Resource Title
Microsoft .NET Security Patterns & Practices Security Guidance for .NET Framework 2.0 Microsoft Asset Inventory Service Exchange Hosted Services Best Practices for Security Management Certificate Use in Exchange Server 2007 Chapter 28 - Backup and Restore Data Path Security Reference Exchange 2007 Security Guide Microsoft Exchange Server 2007 Compliance Tour Securing Exchange Server 2007 Client Access Microsoft Forefront Client Security Introduction to the Management Console Microsoft Forefront Client Security Operations Solution Accelerator: Microsoft Forefront Integration Kit for Network Access Protection Setting the logging level Forefront Server Security Management Console User Guide Solution Accelerator: GPOAccelerator IT Manager Webcast: Microsoft IT Compliance: Policy, HBI, SOX, and PCI (Level 200) Managing 21 CFR Part 11 Compliance Microsoft IT Showcase: Incident Response—Managing Security at Microsoft Microsoft IT Showcase: Microsoft IT Attack and Penetration Testing Team Microsoft Operations Framework 4.0 Regulatory Compliance Demystified: An Introduction to Compliance for Developers Solution Accelerator: IT Compliance Management Guide Solution Accelerator: Security Risk Management Guide Solution Accelerator: Assessment Scenarios, Process and Inventory Technologies Supporting Compliance and Governance Processes with Electronic Records Management Solution Accelerator: The Secure Access Using Smart Cards Planning Guide Solution Accelerator: Windows Server 2003 and Windows XP Threats and Countermeasures Identity Lifecycle Management Intelligent Application Gateway 2007 Technical Resources Intelligent Application Gateway Overview Microsoft Internet Security and Acceleration (ISA) Server 2006 Microsoft Internet Security and Acceleration (ISA) Server 2006 Hands-On Labs Solution Accelerator: Malware Removal Starter Kit Solution Accelerator: Microsoft Assessment and Planning Toolkit Solution Accelerator: Microsoft Deployment Toolkit (MDT) 2008 Update 1
Guidance Link
http://go.microsoft.com/fwlink/?LinkId=130432 http://go.microsoft.com/fwlink/?LinkId=130431 http://go.microsoft.com/fwlink/?LinkId=130411 http://go.microsoft.com/fwlink/?LinkId=130520 http://go.microsoft.com/fwlink/?LinkId=130430 http://go.microsoft.com/fwlink/?LinkId=130301 http://go.microsoft.com/fwlink/?LinkId=130310 http://go.microsoft.com/fwlink/?LinkId=130306 http://go.microsoft.com/fwlink/?LinkId=130299 http://go.microsoft.com/fwlink/?LinkId=130307 http://go.microsoft.com/fwlink/?LinkId=130304 http://go.microsoft.com/fwlink/?LinkID=130230 http://go.microsoft.com/fwlink/?LinkId=130427 http://go.microsoft.com/fwlink/?LinkId=130428 http://go.microsoft.com/fwlink/?LinkId=119598 http://go.microsoft.com/fwlink/?LinkId=130429 http://go.microsoft.com/fwlink/?LinkId=130426 http://go.microsoft.com/fwlink/?LinkId=103576 http://go.microsoft.com/fwlink/?LinkId=130521 http://go.microsoft.com/fwlink/?LinkId=130527 http://go.microsoft.com/fwlink/?LinkId=130524 http://go.microsoft.com/fwlink/?LinkId=130525 http://go.microsoft.com/fwlink/?LinkId=130522 http://go.microsoft.com/fwlink/?LinkId=130530 http://go.microsoft.com/fwlink/?linkid=56114 http://go.microsoft.com/fwlink/?linkid=30794 http://go.microsoft.com/fwlink/?LinkId=111000 http://go.microsoft.com/fwlink/?LinkId=130528 http://go.microsoft.com/fwlink/?LinkID=41313 http://go.microsoft.com/fwlink/?linkid=15160 http://go.microsoft.com/fwlink/?LinkId=130324 http://go.microsoft.com/fwlink/?LinkId=130535 http://go.microsoft.com/fwlink/?LinkId=130536 http://go.microsoft.com/fwlink/?LinkId=130422 http://go.microsoft.com/fwlink/?LinkId=130611 http://go.microsoft.com/fwlink/?LinkId=93108 http://go.microsoft.com/fwlink/?LinkId=131525 http://go.microsoft.com/fwlink/?LinkId=103947
Worksheet: GRC Management Inventory
afba19ea-41d7-4fee-b372-7048e2b6fc60.xlsx A 1 Product or Solution 2 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 Microsoft Dynamics AX Microsoft Dynamics CRM Microsoft Dynamics GP Microsoft Dynamics NAV Microsoft Dynamics NAV Microsoft Dynamics RMS 2.0 Service Pack 2 Microsoft Dynamics SL Microsoft Infrastructure Optimization Office 2007 system Office 2007 system Office 2007 system Office Communications Server 2007 Office Groove 2007 Office OneNote 2007 Office SharePoint Server 2007 Office SharePoint Server 2007 Office SharePoint Server 2007 Office SharePoint Server 2007 Office SharePoint Server 2007 Office SharePoint Server 2007 Office SharePoint Services SharePoint SQL Server 2008 SQL Server 2008 SQL Server 2008 SQL Server 2008 SQL Server 2008 SQL Server 2008 SQL Server 2008 System Center Configuration Manager (SCCM) 2007 System Center Configuration Manager (SCCM) 2007 System Center Configuration Manager (SCCM) 2007 System Center Configuration Manager (SCCM) 2007 System Center Configuration Manager (SCCM) 2007 System Center Configuration Manager (SCCM) 2007 System Center Configuration Manager (SCCM) 2007 System Center Configuration Manager (SCCM) 2007 System Center Configuration Manager (SCCM) 2007 B C
Resource Title
ERP Security - Microsoft Dynamics AX Security Microsoft Dynamics CRM Security Model Microsoft Dynamics GP Planning for Security NAV Security Hardening White Paper Sarbanes Oxley Compliance - How Microsoft Dynamics NAV can help How Microsoft Dynamics RMS can help with PCI compliance The Role of Microsoft Business Solutions Solution Accelerator: Infrastructure Optimization Implementer Guides Solution Accelerator: 2007 Microsoft Office Security Guide 2007 Office System Document: Compliance Features in the 2007 Microsoft Office System Spreadsheet Compliance in the 2007 Microsoft Office System Office Communications Server 2007 Document: Security Guide Office Groove Security Architecture Office OneNote 2007 Security and Privacy A Fresh Look at Compliance in SharePoint Server 2007 Compliance and Records Management with Office SharePoint Server 2007 (Level 200) Design Records Center Security Architecture Identify records management roles (Office SharePoint Server) Solution Accelerator: External Collaboration Toolkit for SharePoint Solution Accelerator: SharePoint Capacity Planning Tool Windows SharePoint Services 3.0 Application Template: Compliance Process Support Site Solution Accelerator: SharePoint Monitoring Toolkit Administration (Database Engine) Backing Up and Restoring How-to Topics (Transact-SQL) Event Notifications (Database Engine) Introducing SQL Server Management Studio Managing Unstructured Data with SQL Server 2008 Security Overview for Database Administrators White Paper: SQL Server 2008 Manageability Accounts and Groups in Configuration Manager Asset Intelligence in Configuration Manager Configuration Manager Security and Privacy Planning How to Monitor Changes in Configuration Manager Client Site Modes Overview of Configuration Manager Cryptographic Controls Planning for Backup and Recovery Solution Accelerator: Security Compliance Management Toolkit Solution Accelerator: SCAP Conversion Tool for DCM System Center Configuration Manager 2007 Configuration 
Pack Catalog
Guidance Link
http://go.microsoft.com/fwlink/?LinkId=130326 http://go.microsoft.com/fwlink/?LinkId=130614 http://go.microsoft.com/fwlink/?LinkId=130327 http://go.microsoft.com/fwlink/?LinkId=130261 http://go.microsoft.com/fwlink/?LinkId=130328 http://go.microsoft.com/fwlink/?LinkId=130539 http://go.microsoft.com/fwlink/?LinkId=130264 http://go.microsoft.com/fwlink/?LinkId=131524 http://go.microsoft.com/fwlink/?LinkId=95736 http://go.microsoft.com/fwlink/?LinkId=130283 http://go.microsoft.com/fwlink/?LinkId=130282 http://go.microsoft.com/fwlink/?LinkId=130285 http://go.microsoft.com/fwlink/?LinkId=130541 http://go.microsoft.com/fwlink/?LinkId=130543 http://go.microsoft.com/fwlink/?LinkId=130332 http://go.microsoft.com/fwlink/?LinkId=130330 http://go.microsoft.com/fwlink/?LinkId=130333 http://go.microsoft.com/fwlink/?LinkId=130331 http://go.microsoft.com/fwlink/?LinkID=105114 http://go.microsoft.com/fwlink/?linkid=93029 http://go.microsoft.com/fwlink/?LinkId=130544 http://go.microsoft.com/fwlink/?LinkId=103032 http://go.microsoft.com/fwlink/?LinkId=130334 http://go.microsoft.com/fwlink/?LinkId=130420 http://go.microsoft.com/fwlink/?LinkId=130336 http://go.microsoft.com/fwlink/?LinkId=130335 http://go.microsoft.com/fwlink/?LinkId=130337 http://go.microsoft.com/fwlink/?LinkId=130338 http://go.microsoft.com/fwlink/?LinkId=130339 http://go.microsoft.com/fwlink/?LinkId=130343 http://go.microsoft.com/fwlink/?LinkId=130346 http://go.microsoft.com/fwlink/?LinkId=130345 http://go.microsoft.com/fwlink/?LinkId=130341 http://go.microsoft.com/fwlink/?LinkId=130344 http://go.microsoft.com/fwlink/?LinkId=130340 http://go.microsoft.com/fwlink/?LinkId=113939 http://go.microsoft.com/fwlink/?LinkId=113938 http://go.microsoft.com/fwlink/?LinkId=130347
afba19ea-41d7-4fee-b372-7048e2b6fc60.xlsx A 1 Product or Solution 2 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 System Center Configuration Manager (SCCM) 2007 System Center Data Protection Manager (DPM) 2007 System Center Operations Manager (SCOM) 2007 System Center Operations Manager (SCOM) 2007 System Center Operations Manager (SCOM) 2007 System Center Operations Manager (SCOM) 2007 System Center Operations Manager (SCOM) 2007 System Center Virtual Machine Manager System Center Virtual Machine Manager Unified Communications User Account Control (UAC) Virtual Machine Servicing Tool Visual Studio Team System 2008 Visual Studio Team System 2008 Visual Studio Team System 2008 Windows Server 2008 Windows Firewall Windows Mobile Security Management Technologies Windows Server 2008 Windows Server 2008 Windows Server 2008 Windows Server 2008 Windows Server 2008 Windows Server 2008 Windows Server 2008 Windows Server 2008 Windows Server 2008 Windows Server 2008 Rights Management Services (RMS) Windows SharePoint Services Windows SharePoint Services Windows SharePoint Services Windows SharePoint Services Windows SharePoint Services Windows Vista Windows Vista Windows Vista Windows Vista Windows Vista B C
Resource Title
System Center Configuration Manager 2007 Documentation Library (November 2007) Microsoft System Center Data Protection Manager product overview Authentication and Data Encryption in Operations Manager 2007 Investigate and Resolve Alerts Role-based Security in Operations Manager 2007 Solution Accelerator: Service Level Dashboard Management Pack for System Center Operations ManagerCenter Operations Manager Systems 2007 System Center Virtual Machine Manager 2007 Scripting Guide System Center Virtual Machine Manager Overview A best practice approach to security and compliance in Unified Communications Understanding and Configuring User Account Control in Windows Vista Solution Accelerator: Offline Virtual Machine Servicing Tool Executive Overview Microsoft's Solution for Application Lifecycle Management (ALM) Sarbanes-Oxley 404 and Visual Studio Team System 2008 Server and Domain Isolation (SDI) for Security Datasheet Solution Accelerator: Windows Server 2008 Security Guide Windows Firewall and Windows Firewall with Advanced Security Understanding the Windows Mobile Security Model Auditing and Compliance in Windows Server 2008 Network Access Protection Policy-Driven Network Access with Windows Server 2008 Security and Policy Enforcement Step-By-Step Guide to Controlling Device Installation Using Group Policy Windows Server 2008 offers new ways to secure your network Windows Server 2008 Security & Compliance Technologies Solution Accelerator: Infrastructure Planning and Design Guides Solution Accelerator: Offline Virtual Machine Servicing Tool Event Review: RMS in Windows Server 2008 (Session ITPROADD-401) Administering security credentials (Windows SharePoint Services) Operations for Windows SharePoint Services 3.0 technology Roadmap to security content for Windows SharePoint Services Security for Windows SharePoint Services 3.0 Solution Accelerator: Upgrade Toolkit for Windows SharePoint Services Sites Guide Active Directory Rights Management Services Client for 
Windows Vista BitLocker Drive Encryption Solution Accelerator: Data Encryption Toolkit for Mobile PCs Encrypting File System Solution Accelerator: Windows Vista Security Guide
Guidance Link
http://go.microsoft.com/fwlink/?LinkId=130289 http://go.microsoft.com/fwlink/?LinkId=130348 http://go.microsoft.com/fwlink/?LinkId=130349 http://go.microsoft.com/fwlink/?LinkId=130383 http://go.microsoft.com/fwlink/?LinkId=130350 http://go.microsoft.com/fwlink/?LinkID=110337 http://go.microsoft.com/fwlink/?LinkId=130384 http://go.microsoft.com/fwlink/?LinkId=130292 http://go.microsoft.com/fwlink/?LinkId=130385 http://go.microsoft.com/fwlink/?LinkId=130551 http://go.microsoft.com/fwlink/?LinkId=130415 http://go.microsoft.com/fwlink/?LinkId=110333 http://go.microsoft.com/fwlink/?LinkId=130387 http://go.microsoft.com/fwlink/?LinkId=130388 http://go.microsoft.com/fwlink/?LinkId=130297 http://go.microsoft.com/fwlink/?LinkId=92552 http://go.microsoft.com/fwlink/?LinkId=130552 http://go.microsoft.com/fwlink/?LinkId=130553 http://go.microsoft.com/fwlink/?LinkId=120263 http://go.microsoft.com/fwlink/?LinkId=130394 http://go.microsoft.com/fwlink/?LinkId=130391 http://go.microsoft.com/fwlink/?LinkId=130395 http://go.microsoft.com/fwlink/?LinkId=130390 http://go.microsoft.com/fwlink/?LinkId=130393 http://go.microsoft.com/fwlink/?LinkId=130616 http://go.microsoft.com/fwlink/?LinkId=100915 http://go.microsoft.com/fwlink/?LinkId=110333 http://go.microsoft.com/fwlink/?LinkId=130397 http://go.microsoft.com/fwlink/?LinkId=130419 http://go.microsoft.com/fwlink/?LinkId=130418 http://go.microsoft.com/fwlink/?LinkId=130417 http://go.microsoft.com/fwlink/?LinkId=130416 http://go.microsoft.com/fwlink/?linkid=79252 http://go.microsoft.com/fwlink/?LinkId=130404 http://go.microsoft.com/fwlink/?LinkId=130402 http://go.microsoft.com/fwlink/?linkid=86127 http://go.microsoft.com/fwlink/?LinkId=130400 http://go.microsoft.com/fwlink/?LinkId=74028
Worksheet: GRC Management Inventory
Product or Solution | Resource Title | Guidance Link
Windows Vista | What does Internet Explorer protected mode do? | http://go.microsoft.com/fwlink/?LinkId=130405
Windows Vista | Windows Desktop Management and Deployment | http://go.microsoft.com/fwlink/?LinkId=130414
Windows Vista | Windows Vista Security and Data Protection Improvements | http://go.microsoft.com/fwlink/?LinkId=130399
Windows Vista | Windows Vista Service Life-Cycle Management | http://go.microsoft.com/fwlink/?LinkId=130407
Copyright © 2008 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license
If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA. This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that user's particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM. Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious.
Microsoft and the Microsoft product names listed in this workbook are trademarks of the Microsoft group of companies; the list of Microsoft trademarks can be found at www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.