1. Field
The present invention relates to compliance policies in software systems. More specifically, the present invention relates to a method and system for providing change recommendations to enforce a compliance policy for a software system.
2. Related Art
Computer systems which are maintained by an Information Technology (IT) department are subject to constant change. For example, as technology evolves, system vulnerabilities are often discovered and new system features are released. Consequently, computer systems may require frequent upgrades, patches, configuration changes, and/or other modifications. Moreover, a system administrator may have to ensure that his/her system complies with local regulatory policies, organization-specific policies, cross-vendor requirements, and/or other rules and regulations. For example, an organization-specific policy may require FTP ports to be closed on all systems within the organization to prevent data theft. Similarly, governmental regulations may specify requirements for auditing capabilities on software systems. To facilitate compliance with the various policies, the administrator may be responsible for collecting the policies and creating a set of configuration standards.
Various difficulties may arise in ensuring compliance with the configuration standards. First, software and hardware components may require constant monitoring to keep abreast of deviations from the system configuration standards. Moreover, policy violations are currently resolved by manual lookups to determine the necessary changes to enforce compliance. In addition, the configuration standards may change in content as well as number over time. Consequently, manual enforcement of the various configuration standards may become increasingly difficult as the configuration standards, system subcomponents, and the organization's needs evolve.