Company
Solutions Demo

Learn how SignaCert solutions create a more stable IT environment while reducing costs. Register

Press Release

SignaCert Helps Create Industry Specification For Platform Measurement And Verification

Nov 14, 2006

PORTLAND, Ore. — SignaCert today celebrated the announcement of key standards released by the Trusted Computing Group (TCG), an industry group of more than 140 members creating open industry specifications for computing security. These standards provide a foundation for platform integrity measurement and verification and will ensure the interoperability and adoption of solutions in today's complex, multi-vendor IT environment.

This latest set of specifications are yet another step forward in the continued development of a trusted computing environment which seeks to deliver platform integrity, measurement and verification for users and IT administrators that ensures accurate and consistent reporting of the state of their platforms. By using these standards organizations will be able to significantly improve the security and information protection on platforms on which they are deployed.

"We recognize the need and importance for a standardized industry approach to data measurement and verification that will provide organizations with a consistent and accurate means of reporting the state of their platforms," said Wyatt Starnes, Founder, President and CEO of SignaCert.

The new specifications on the organization's website www.trustedcomputinggroup.org, augment the Trusted Platform Module (TPM), a core set of security functions defined by TCG members and widely used in virtually all enterprise PCs and many servers. These new specifications ensure that the state of the system in which a TPM is used is reported accurately and in a standard fashion. It's anticipated that services and products incorporating these specifications will begin development for availability in 2007.

The new specifications in this latest release include:

  • The Integrity Management Architecture provides a common framework for defining, collecting and reporting information about the integrity of the hardware and software components of a trusted platform (one that has the TPM). Integrity information includes values in the TPM within a system, files on the system, in-memory images and others. What is measured is dependent on the use of the measurement. For example, in implementations of TCG's Trusted Network Connect (TNC) for network access control, the client trying to attach to the network might be measured to determine what patches and antivirus software it has loaded, or checked to see if it has changed since the last connection.
  • The Platform Trust Services (PTS) Interface specification defines a measurement agent to collect, measure, and report the integrity information on the platform, which can be a PC, mobile phone, server or other device. This ability complements the Trusted Network Connect architecture by enabling an integrity check of the platform before it is connected to the network. This can help detect root kits when used in concert with boot integrity checking, and can identify infected or unauthorized clients.
  • The Integrity Schema specification provides a common XML-based data format to facilitate information exchange within the Integrity Management Architecture and integrates with Platform Trust Services Interface specification. The schema specification covers the format for integrity data to be collected and reported; the format for representing reference measurement of known values; and the format for evaluating the results of platform integrity assessments including reporting of the TPM platform configuration registers (PCRs).

About TCG

TCG is an industry standards body formed to develop, define, and promote open standards for trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft. More information and the organization's specifications are available at the Trusted Computing Group's website, www.trustedcomputinggroup.org.

About SignaCert

SignaCert is the leading provider of end-to-end and partner-based IT compliance solutions based on known-provenance whitelist technology. These methods allow SignaCert's direct customers to rapidly achieve and prove continuous compliance for the systems that deliver critical business services. The SignaCert architecture is designed to seamlessly integrate with existing change processes and continuously monitor critical business services without disruption.

Additionally, SignaCert's OEM and ISV Partners can supply to, or license content from, the SignaCert Global Trust Repository (GTR), adding new and important capabilities to their product offerings. All use cases are supported by a rich repository of vendor-independent software measurements. These "white" or "allow" list methods enable SignaCert's patented technology to be quickly deployed and provide immediate visibility into the actual state of IT infrastructure.

Founded in 2004 by 34-year IT security and compliance industry veteran Wyatt Starnes, SignaCert has assembled a world class team of industry leaders with hands-on IT experience for its executive team, board of directors, and advisory board.

SignaCert's end-customers span a wide variety of industries, including financial services, government, and healthcare.