Hatha Systems' Knowledge Refinery™ takes a unique approach to IT compliance. Whether addressing regulatory compliance (e.g. FISMA, Common Criteria, HIPAA, SOX) or organizational compliance requirements, our solution enables full system transparency. This comprehensive visibility into the system, together with the full traceability delivered through our automated extraction and analysis capability, can provide a means of delivering compliance on demand. Additionally, our solution provides a common repository and common data format, enabling the correlation of system data/metadata for compliance against security, safety, functionality, and other compliance views, and the possibility of correlating those views with one another.
Hatha Systems' Knowledge Refinery™ provides:
- Extraction and documentation of the current state of the system at any point in the software lifecycle (during development, test, deployment, operations, maintenance processes).
- Extraction of system layers, whether security, safety, or functional architectural views, and their associated weaknesses for corrective action.
- Extraction of code weaknesses as well as the pathways to the code weakness for impact analysis.
- On-demand extraction for continuous compliance analysis to support patch, maintenance or functional upgrade changes to systems.
- Versioning analysis that compares two versions of software (one baseline and the other new) at all levels of change: business terms, business logic, architecture, data/control flows, etc.
- User-definable querying environment, providing the flexibility to search against new or changing regulatory or organizational compliance requirements.
The Knowledge Refinery™ allows the analyst not only to search the system being analyzed against various compliance controls, but also to trace and document the whole search process and present it as proof that the results were legitimately obtained. Hatha Systems' Knowledge Refinery™ keeps a log of all activities performed in analyzing a system, from the initial build (parsing of sources) to the actual results of queries for weaknesses. One can see when a particular query was run and how many elements were returned. Rather than relying on an analyst's statement alone, an auditor can check and verify the results of the assurance assessment.
[Figure: Hatha Systems' Knowledge Refinery™ logs of analysis activities]
[Figure: Hatha Systems' Knowledge Refinery™ search results for a common weakness]