Complying with the Cyber security and information regulation in the Dominican Republic

Evolving internet threats and high frequency of cyber incidents have forced Dominican Republic to formulate a set of benchmarks and regulations to maximize the confidentiality, integrity and security of not only information, but also of applications and infrastructure. SS-Dominicana, a leading service provider in the Information Security, Business Continuity and IT management landscapes have gathered and published these regulations. Due to the increasing number of regulations and need for operational transparency, organizations are looking for consolidated solutions to meet various compliance needs.

ManageEngine Endpoint security suite of products helps your organization comply with Cyber security and information regulations formulated by the Dominican Republic, to secure your organizations from vulnerabilities and configuration flaws and improve your cyber hygiene. In this document, we'll see how various ManageEngine Endpoint Management Suite of products help you to comply with Article 20, Article 26, and Article 28 of the Cyber security and information regulations.

Article number Requirement Description EMS Products fulfilling the requirements
Article 20 - Applications of Deal, Protection of Applications:a) -c)
  • Vulnerability Analysis and Configuration vs. Standards (SANS 25, OWASP, PCI, GDPR etc.)
  • Visibility / Security of browsers and "add-ons", secure configuration from central console, access control to applications.
  • Vulnerability Manager Plus helps security teams to analyse and predict real risks that are critical and need immediate attention, so they can remediate risks promptly and secure the network from security breaches.
  • Also, Vulnerability Manager Plus's security configuration management feature helps users to detect misconfigurations and replace them with secure configuration to make their endpoints compliant with industry standards and security benchmarks.
  • Browser Security Plus brings visibility into browser usage and trends and helps deploy security configurations to browsers to prevent threats and data leakage. It also helps control which websites and add-ons can be accessed by users to enhance security. Browser Security Plus also allows the distribution of mission-critical add-ons from a central console while restricting installation of any other add-ons.
Article 26. Management of Information systems Vulnerability Analysis Solution that suggests the best secure configuration in infrastructure assets (Base Line Security) based on best practices and standards. Server Firewall, IDS / IPS Host, File Integrity & Configuration Monitoring (near real time) and "Hardening" & "Server Lockdown"
  • Vulnerability Manager Plus provides users with an integrated platform to assess and manage vulnerabilities and also it comes with an out-of-the-box security recommendations to establish secure configurations in your endpoints that are defined by best practices and industry standards.
  • You can also audit firewall, continuously monitor network security state and also harden web servers to secure them from various attack variants with Vulnerability Manager Plus.
Article 28. Network Management. a) System Security Updates
  • Identifying the vulnerability, which asset (s) is affected and what is the level of risk according to its classification
  • Detecting which updates and / or configuration changes should be implemented so that it is in compliance.
  • Test the updates and configurations prior to implementation to mitigate risks
  • Implement automatically and "return" easily in case of failures
  • With Vulnerability Manager Plus, you can not only identify vulnerabilities across your network but also discern the risk posed by those vulnerabilities based on various risk assessment parameters such as severity, exploitability, affected system details and availability of a fix. Not just that, you can correlate vulnerabilities with corresponding security updates for remediating the vulnerability. Also, it provides alternative measures such as configuration changes to mitigate vulnerabilities in the event of no security update.
  • Patch Manager Plus helps you to customize and automate the entire patching process. Its test and approve feature lets you test the functionality of updates for failure and other issues before rolling them out to the production environment. Once tested, the updates will get automatically deployed to the target machines, and will be re-tried incase of failure.