Positive Technologies experience shows that even in companies with international certification in information security organizational issues are often separated from the technical implementation of protective mechanisms. The threat called "Paper Safety" forces experts to focus on regulations, standards and concepts, which leaves no time for real business protection. In some situations, there are technical standards, but their applicability to real systems leaves much to be desired.

Rich practical experience of Positive Technologies experts gained in XSpider security scanner and MaxPatrol Compliance Management system development allows them to offer checked and effective standards for different systems protection, icluding:

The standards define typical configuration of different systems that provide the necessary protection level. Standards are developed on the basis of requirements and recommendations given by software and networks equipment vendors, competent organizations, such as NSA, NIST, CIS, DoD, and Positive Technologies experience in information security. Configurations are developed for specific technologic platforms used in client's systems. Standards could include requirements to standard security mechanisms settings in OS, DBMS and application software according to vendors' and international standards recommendations. Configurations may also include requirements to special security mechanisms settings (Cisco PIX/ASA, PKI tools, cryptographic protection, antivirus protection, backup , еtс.).

The list of developing standards is approved on the basis of client's system analysis. The standards are based on international best practices and are fully tested on applicability to client's infrastructure. In the future, developed standards could be used to automate processes based on the MaxPatrol Compliance Management system.