The day-to-day challenges faced by businesses take constant attention from internal resources. Those resources can be overburdened when new internal and external demands command attention as well. OpenVMS system administrators are faced with two key security concerns brought on by such new demands. The first is that in today’s business environment, managing a system requires access to a number of participants—programmers, operators, third-party consultants and vendors—and this level of access increases the security risk to the system. The second concern is how to comply with new laws (e.g., Sarbanes-Oxley, Graham-Leech-Bliley, etc.), industry-wide pressures and more strict auditing demands that are forcing companies to examine how they develop and adhere to security policies and keep customer data private. With the HP OpenVMS System Security Audit service, businesses can choose the level of support they need to assess and handle their security concerns by partnering with experienced HP consultants who can efficiently and expertly accomplish the defined tasks. Internal IT resources can concentrate on day-to-day activities and receive the precise knowledge they need to maintain security at a level that today’s environment demands. Quickly assess system security. Expert and non–expert OpenVMS administrators can benefit by dramatically reducing the time and effort required to analyze, maintain and report on security settings and/or policies of their OpenVMS system. By relying on HP’s experience and proven implementation methodology in this area, businesses can have the confidence that system security issues have been analyzed against industry security practices and will receive documented recommendations for putting an effective security management system in place. The goal of the HP OpenVMS System Security Audit service is to provide customers with: • A security audit to assess OpenVMS system security • A complete report that identifies vulnerabilities and suggests actions to correct exposures • A comprehensive understanding of their OpenVMS security settings • A solution for continued security management and system auditing By employing industry practices, security management becomes an asset rather than a threat and frees up valuable internal resources to focus attention on other business-critical initiatives. HP OpenVMS System Security Audit service HP Services

How it works HP has partnered with OpenVMS security software developer PointSecure, Inc., to bring customers the HP OpenVMS System Security Audit service. The service is sold per OpenVMS node and is based on tier— workgroup, departmental or enterprise. There are three main components that you can choose from and service options are available to combine these components based on your company’s specific needs. The three main components are: Component A—Security audit With Component A of the HP OpenVMS System Security Audit service, HP will: • Analyze the existing HP OpenVMS system and security environment using PointAudit, a tool from HP partner PointSecure • Perform a comprehensive security check of the OpenVMS physical, network and remote applications access With this component of the HP OpenVMS System Security Audit service, you’ll receive a listing of potential areas for compromise through an HP-certified report of the OpenVMS system that compares the current security level against industry security practices. Component B—PointAudit software With Component B of the HP OpenVMS System Security Audit service, HP will: • Install, configure and train on the auditing software • Provide a software license that will allow you to perform audits any time With this component of the HP OpenVMS System Security Audit service, you’ll receive improved audit performance provided by a point audit license and one-year telephone maintenance and software support. Component C—System Detective software With Component C of the HP OpenVMS System Security Audit service, HP will: • Automate the recognition, notification and management of security issues in real-time • Harden the OpenVMS system and configure it to meet the existing security policy • Install, configure and train on the system monitoring software With this component of the HP OpenVMS System Security Audit service, you’ll have the ability to proactively enforce security policies, receive extensive reporting and alerts on system parameters and access permissions, and receive a system detective license and one-year software and telephone maintenance support. Service options The HP Express OpenVMS System Security Audit service offering is a security program that will provide significant business value to OpenVMS customers, based on their organization’s business requirements. HP Services offers a full breadth of end-to-end solutions that go beyond the scope of this packaged service. Custom services are available to meet the specific requirements of your OpenVMS security needs if the options above do not fit your requirements. Some of the additional options available are: • Additional nodes to be evaluated • Creation of a security policy (separate HP Service offering) Please contact your local HP sales representative for more details. Ordering information HP OpenVMS System Security Audit service HP P/N H9157A For more information For more information on this offering, or to get started, please contact your local HP sales representative or contact us via our web page: http://www.hp.com/hps 5982-5545ENUC, 07/2004 © Copyright 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Ultimate Security and Audit service (Components A & B & C) With this option, you will receive a snapshot security audit, installation of PointSecure’s PointAudit software, and installation and configuration of the System Detective monitoring environment. Proactive Security service (Components A & C) With this option, you will receive a snapshot security audit and installation and configuration of the System Detective monitoring environment. Active Audit service (Components A & B) With this option, you will receive a snapshot security audit and installation of PointSecure’s PointAudit software.