- Enterprise Security
- HCL BigFix
-
Offerings
-
Workspace+Managing and securing the hybrid workspace with a comprehensive solution that seamlessly manages all devices across any location while focusing on user experience and controlling cyber risk.
-
Enterprise+Intelligent hybrid infrastructure automation offering intelligent runbook automation, leveraging cybersecurity, and analytics capabilities to proactively identify and remediate vulnerabilities in real-time.
-
- Industries
-
Use Cases
-
Solutions
-
Zero Trust Endpoint ManagementAccelerate your Zero Trust pursuit with BigFix Zero Trust Endpoint Management.
-
Remediate Vulnerabilities FastEssential capabilities to remediate vulnerabilities faster than ever, helping organizations reduce cybersecurity risk.
-
Mitigating the Log4j VulnerabilityLearn how to use HCL BigFix to detect and mitigate the Log4j vulnerability across your enterprise.
-
Continuous ComplianceEnhance security posture and automate the fight against cyberattacks.
-
Software Asset ManagementMaintain software audit readiness, mitigate non-compliance risk, and optimize software spend.
-
Manage IoT DevicesEfficiently patch, deploy software, inventory, report, and remediate IoT devices from one single platform.
-
Manage MulticloudExtend your capabilities by integrating with other enterprise solutions.
-
Enable Work from HomeEnroll, deploy, secure, and support endpoints in today’s work from home environment.
-
Slash Costs with BigFixSave Money and Reduce Complexities with BigFix.
-
Manage KiosksKiosk security, management, and compliance.
-
An Optimization Model for IT OperationsA roadmap to a greater efficiency, better security, and lower costs.
-
- Events
- Resources
- Partners
-
Attachments
-
BigFix for SCCM
-
BigFix Events & Webinars
-
BigFix ComplianceContinuously monitor and enforce endpoint...
-
BigFix InventoryIdentify licensed and unlicensed software across your organization.
-
BigFix LifecycleReduce cost, risk, and complexity of endpoint and server management.
-
BigFix InsightsAccelerate risk identification and decision-making.
-
BigFix MobileExtends modern endpoint management techniques to mobile devices running iOS, iPadOS and Android
-
BigFix Summer Launch
-
Endpoint Security Optimization Model
-
IVR Home
-
Bigfix Upcoming Past Events
-
BigFix TrainingA digital workplace with everything employees need.
-
Customer Reference
-
Customer Video
-
BigFix Partners
-
Demo
-
Professional Services
-
Google Cloud
-
AWS
-
Azure
-
Intel EMA
-
Aruba Clear Pass
-
Continuous ComplianceEnhance security posture and automate the fight against cyberattacks.
-
BigFix Work from HomeEnroll, deploy, secure and support endpoints in today’s work-from-home environment.
-
InventoryMaintain software audit readiness, mitigate security and non-compliance risks, and better understand software usage.
-
BigFix Days
-
BigFix Days Americas
-
BigFix Days APAC
-
BigFix Days EMEA
-
BigFix Product FamilyThe BigFix product family guide provides an overview of the extensive capabilities...
-
Work From Home
-
Upcoming events & webinarsLearn more and sign up for upcoming BigFix events or watch exclusive past recorded BigFix webinars.
-
Past events & webinars
-
Tool Consolidation
-
Simplify Endpoint Management through Tool ConsolidationSignificantly reduce IT costs while also reducing IT complexity, streamlining operations, and esuring business continuity.
-
Compliance Solution Guide
-
Service Now
-
Service Now Data Flow
-
Service Graph
-
Forescout
-
Resilient
-
Qradar
-
VMWare ESXi
-
BigFix Trust Center
-
BigFix Contact Us
-
ESG-BigFix-IVR
-
qualys
-
Tenable
-
BigFix IoT
-
BigFix Experts
-
BigFix Upgrade from Patch
-
BigFix Field guide
-
BigFix Days Japan
-
Log4j -vulnerabilities
-
Log4j Guide
- Home
- Enterprise Security
- HCL BigFix
- BigFix Trust Center
HCL BigFix Trust Center
Built upon Trust.
HCL BigFix delivers the reliability and security our clients depend upon.
HCL BigFix Trust Center
Software security is critically important to HCL and our valued clients. It is also central to the way HCL BigFix is developed. The HCL security strategy covers all aspects of our business, including corporate and organizational security policies, incident management and response, business continuity and disaster recovery, secure software development processes, and privacy.
This web page specifically addresses the HCL BigFix secure development process, as well as our company and product certifications important to our commercial and government customers. It conveys how the HCL BigFix solution helps IT and Security teams secure their endpoint fleet.
“As the executive responsible for HCLSoftware security, I have a global responsibility in securing our systems and data, defining our security vision and strategy, and building and executing our risk and compliance programs. Most importantly, I oversee our secure development lifecycle that delivers a systematic approach to eliminating software risk. Security policies and checkpoints govern each step of our development lifecycle from design to coding, testing, and deployment. Our internal security team also employs independent external security researchers to validate the security across our entire software portfolio.”
- Mary Zygadlo , Information Security Officer at HCLSoftware
Secure Product Development
HCLSoftware adheres to stringent development processes to protect the code we develop and provide to both our commercial and government customers.
Additionally, BigFix content is protected in several ways. First, the BigFix Content Servers are running in secure data centers. Second, file access control lists (FACL) limiting access and changes to authorized users. And lastly, BigFix content itself is cryptographically signed during the secure build process. Content that is not signed correctly is rejected by BigFix servers and logged as an error. As a result, content downloaded by our customers from the BigFix Content Servers is protected and secure.
Secure Product Support
Our Product Support teams protect our customer data and information by collecting only vital information, limiting access to customer contact information and case data to only those who are actively working to troubleshoot the reported problem, and encrypting customer sensitive information making it unreadable to anyone other than the intended party. Our data protection policy includes:
- Collecting only vital company and contact information.
- Communicating customer information and data via HTTPS and Transport Layer Security (TLS) protocols.
- Sending diagnostic data via SFTP or HTTPS using TLS protocols and encrypting stored data using the AES algorithm.
The HCLSoftware Support organization has achieved ISO27001 certification. External auditors have reviewed HCLSoftware’s practices, policies, and procedures and found that our Information Security Management System (ISMS) meets the requirements of the standard. ISO 27001 compliance demonstrates our ability to protect our client’s data and information.
HCL BigFix Security Bulletins
The HCL Product Security Incident Response Team (PSIRT) manages the receipt, investigation and internal coordination of reported security vulnerabilities for HCLSoftware product offerings. The PSIRT coordinates with product development teams who investigate reported security vulnerabilities and identify the appropriate response plan. Once a response plan is identified, the product teams communicate with internal and external parties in the execution of our vulnerability response process. For more information, visit the HCLSoftware PSIRT page.
The HCL PSIRT publishes Security Bulletins to our customers and partners. Each Security Bulletin describes the CVE and points to additional details and remediation. A list of HCL BigFix Security Bulletins can be on the HCLSoftware Community Forum.
Product Certifications
HCL collaborates with a variety of organizations who evaluate our compliance to industry security so that our customers and partners can be assured of our product integrity. For more information about HCLSoftware corporate compliance, visit the HCLSoftware Compliance page. The following HCL and BigFix certifications have been obtained or are in progress as indicated below).
ISO-20243 certification is an Open Trusted Technology Provider™ Standard (O-TTPS) for mitigating maliciously tainted and counterfeit products. It is a set of guidelines, recommendations and requirements that help assure integrity in technology development and to prevent maliciously tainted and counterfeit products from entering the global supply chain. The standard is focused on verifiable processes and implementation proof points to address the concerns of customers, integrators, suppliers, auditing, regulatory organizations, as well as best practices for implementation throughout all phases of a product’s life cycle: design, sourcing, build, fulfillment, distribution, sustainment, and disposal.
ISO-20243 certification for Secure Supply Chain
ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS) within the context of the organization. In adherence to ISO/IEC 27001, the HCLSoftware Security and Compliance Team was formed to protect the critical information assets by implementing and continually improving an ISMS to help ensure that its applicable information security objectives are met, and the ISMS is able to adapt to internal and external changes. The goal of the ISMS is to protect HCLSoftware and its customers information assets from threats identified, whether internal or external, deliberate or accidental.
ISO/IEC 27001 Certifications
Common Criteria (or CC) is an international standard for computer security certification. It provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that corresponds with its target use environment.
The OSCI has completed the evaluation of HCL BigFix V10. OCSI manages the assessment and certification of IT security systems and products.
Common Criteria Certification
This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments. The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.
FIPS crypto module embedded in BigFix v11 has received
BigFix Compliance adheres to the Security Content Automation Protocol (SCAP) V1.3. The SCAP is a suite of specifications that standardize the format and nomenclature by which software flaw and security configuration information is communicated, both to machines and humans.
BigFix Compliance V9.2 has obtained SCAP v1.2 certification and BigFix Compliance V10 is in process for SCAP v1.3 certification.
Security Content Automation Protocol (SCAP) Certification
Link to Certification document to be provided when available
CIS Benchmarks are provided as best practices to secure operating systems and software to eliminate any configuration related vulnerabilities for cyber-attacks.
BigFix Compliance V10 is the latest to receive the CIS Security Software Certification for CIS Benchmarks.
CIS Security Software Certification
US Federal Government Considerations
US Federal Government Customers should
visit HCL BigFix for the US Federal Government to learn more.
Your Privacy
We are committed to protecting the privacy of visitors to our websites, individuals who register to use the products and services, individuals who register to attend our corporate events and webinars, and our business partners. For more information, see the HCL Privacy Statement.
Summary
Our valued clients can rest assured that we keep security foremost in our minds as we develop, test and deliver effective and secure endpoint management solutions to our commercial and government customers. For more information, please contact us.