New CA Security Product Helps Reduces Cost and Complexity of Compliance Processes

CA, Inc. (NASDAQ: CA) today announced CA Security Compliance Manager, a new, internally developed CA security product that delivers capabilities that help CA customers address IT security and compliance with legal, corporate and government regulations. CA Security Compliance Manager focuses on helping organizations automate processes for answering security questions such as "Who has access to what?” "Who can do what?” and "Who approved what?” to help detect security policy or compliance violations and then initiate any necessary remediation. CA Security Compliance Manager is one of three CA identity and access management (IAM) products announced today. These three products—CA Identity Manager, CA Access Control Premium Edition and CA Security Compliance Manager—join seven other CA IAM products announced in October and November 2007 as part of CA IAM r12. The IAM r12 products are designed to help manage the identity lifecycle, and provide robust IT security controls, analysis and proof of compliance, and automation of compliance processes. "Several years ago when I left technical sales and became CA’s CIO, I saw first-hand the impact regulatory mandates have on IT and the challenges compliance processes present from a security perspective,” said Dave Hansen, corporate senior vice president and general manager, CA Security Management. "Now as the manager of CA’s security business, I see our customers turning to identity and access management to help ease compliance processes. We are delivering products, such as CA Security Compliance Manager and others announced today, that help businesses achieve what we call ‘security compliance.’ Security compliance means a company has the ability to provide IT security controls and show proof of compliance while automating processes to help ensure streamlined, consistent compliance procedures.” CA Security Compliance Manager is designed with features to build a process-centric platform for continuous compliance and address the three elements of security compliance—IT security controls, analysis and proof of compliance, and automation of compliance processes. Actionable Remediation and Validation – When CA Security Compliance Manager detects a policy or compliance violation, it can initiate a remediation request through any change management system such as a help desk. CA Security Compliance Manager can automatically follow up on such remediation requests to validate that the change happened, verify when it happened and certify the remediation with the appropriate manager, IT auditor or security reviewer. Entitlement-centric Visibility – CA Security Compliance Manager collects compliance data related to identities from a wide variety of systems to answer questions such as: Who has access to what? Who can do what? and Who approved what? Orphan and Inactive Accounts Reporting – Orphan and inactive accounts represent a common compliance violation. CA Security Compliance Manager can establish a continuous compliance process to identify orphan and inactive accounts, notify the risk owner of exceptions to the compliance process and initiate remediation requests and validation on specific accounts in target systems. Certification and Attestation – Using a process-centric certification engine, CA Security Compliance Manager identifies relevant changes in entitlements, roles, user title, cost center or account access and triggers a certification event change. CA Security Compliance Manager can complete the certification or attestation and create a full series of audit trails behind the process. This helps streamline the high-cost manual processes for certifying entitlements. Ease of Deployment – With an open and flexible architecture, CA Security Compliance Manager can accommodate a vast range of organizational structures and existing compliance processes. The interface is built to easily import existing compliance policies and procedures, and to collect accounts and entitlements from account stores. It also can be synchronized with an HR data feed. Robust and Easy Integration With Other CA Offerings – CA Security Compliance Manager integrates with CA Identity Manager, CA-ACF2 and CA-Top Secret, CA GRC Manager and CA Service Desk. It touches all EITM elements of govern, manage and secure. Customers seeking assistance in deploying CA Security Compliance Manager can turn to CA Services or to various CA partners ranging from global systems integrators to specialized identity management solution providers. CA Services offers implementation services that use best practices and methodologies developed from hundreds of successful deployments of CA security technology. That experience helps enable rapid time-to-value. CA Security Compliance Manager is among eight new and updated products announced by CA today that help customers lower IT operations costs, manage risk, and improve security and compliance processes. The products support CA’s Enterprise IT Management (EITM) vision by providing customers with the capabilities to better govern, manage and secure IT for better business results. CA Security Compliance Manager r12 is available today. It is offered as a standalone product or it can be part of a collective CA Identity and Access Management solution. It is currently licensed on a per user basis. For further information about CA’s Identity and Access Management products, please visit http://ca.com/us/it-security-solutions.aspx. About CA CA (NASDAQ: CA), one of the world's largest independent software companies, provides software solutions to unify and simplify™ IT management. With CA's Enterprise IT Management (EITM) vision and expertise, organizations can more effectively govern, manage and secure IT to optimize business performance and sustain competitive advantage. Founded in 1976, CA serves customers in virtually every country in the world. For more information, visit www.ca.com. Copyright © 2008 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. Each new feature or functionality included in future releases is subject to change based on a number of factors, including but not limited to internal and external beta testing, development plan changes, and feedback from customers and users. Accordingly, the product may have different features and/or functionality than stated in this document. CA does not provide legal advice. No software product referenced herein shall serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, standard, policy, administrative order, executive order, etc. (collectively, "Laws”)) referenced herein or any contract obligations with any third parties. The reader should consult with competent legal counsel regarding any such Laws or contract obligations.