We are currently validating IBM MaaS360 for a financial institution and would like to confirm if the platform supports the following capabilities:

1. Application Usage Analytics

   • Is it possible to create dashboards showing application usage time (e.g., Adobe, Microsoft Office)?

   • Does this require any add-on, integration, or advanced reporting module?

2. Device Performance Monitoring

   • Can MaaS360 display device performance metrics such as CPU, RAM consumption, disk usage, and system health?

   • Is this available in real-time or only through periodic reports?

3. Driver and Firmware Updates

   • Does MaaS360 detect outdated device drivers and manage their updates?

   • If not natively, are there supported integrations?

4. Secure Remote Wipe and Compliance Evidence

   • When performing remote wipe, does MaaS360 generate a formal compliance report or certificate?

   • Is it aligned with NIST 800-88 or similar standards?

   • Are integrations with third-party secure data erasure tools supported?

5. BIOS / Firmware Management

   • Is it possible to manage BIOS passwords centrally?

   • Can password rotation policies be enforced?

   • Is OEM integration (Dell/HP/Lenovo) required?

6. Windows Patch Management

   • How does MaaS360 detect missing Windows updates?

   • Can patch deployment and compliance policies be customized?

These capabilities are critical for regulatory, audit, and operational compliance in the banking environment.

Hi Rodrigo

Very comprehensive list of questions! We are anxious to ensure that our colleagues in Financial Services have the necessary set of measures and configurations to respond to the demanding level of compliance and regulation to which they are often legally obliged to conform. Please see below, and if there are any further features you think are necessary please let me know. 

Application Usage Analytics

• Is it possible to create dashboards showing application usage time (e.g., Adobe, Microsoft Office)? Yes. See link below. 

https://www.ibm.com/docs/en/maas360?topic=portal-advanced-apps-inventory-reports-maas360

• Does this require any add-on, integration, or advanced reporting module?

If the Reports and data provided are sufficient you don't need to have any additional module or higher licence level. IBM believes that a fundamental set of business controls includes reporting capabilities at an advanced level and this is available for all MaaS360 licences. However if you would like to add features or functionality you can use Web Services (see details below). 

• Report extract / subscription (standard feature, all licences)

You can run a manual extract from any report or tabular data in the product, using the Export feature. This can also be automated for a small number of reports using the Setup / Settings / Administrator settings menu so that you can receive report extract automatically on a specified date. This can help for example with billing reconciliation for MaaS360 Billing. 

• Web Services extracts via REST API (standard feature, requires 3rd party integration, all licences)

This is another feature where 3rd party Business Intelligence tools can run an extract to obtain data securely from our platform, for retrieval into reporting capability and further analytics. 

Device Performance Monitoring

·        Can MaaS360 display device performance metrics such as CPU, RAM consumption, disk usage, and system health?

Yes. For specific field information see the device inventory record. For specific reports on device information see the Reports module (link below). This includes key pieces of information such as free disk space.

https://www.ibm.com/docs/en/maas360?topic=portal-advanced-apps-inventory-reports-maas360

Once more you can use REST API Web Services to perform an extract for further analytics (see above).

·        Is this available in real-time or only through periodic reports?

As described above. FYI our Reporting module uses a data warehouse which is an industry-standard approach meaning the reports are prepared overnight for execution the following day. You can also retrieve real-time information by performing a search or looking in individual device records, or using the Web Services extract.

Driver and Firmware Updates

• Does MaaS360 detect outdated device drivers and manage their updates?

Quite simply, proactively, no. However there are tools in the market-place which focus on this issue such as 1E from our partner Team Viewer. Please note that IBM does not recommend 3rd party software and this is only an example of a tool that you could use. 

However, you should be aware that our App Catalog provides for a comprehensive approach to all software and includes even operating system image management, such that you can build an OS image to the organisation's requirements, which already has a set of device drivers built in that match all common 3rd party devices connected to your computers. 

You do have features such as OEMConfig to provide you with powerful device configuration capability, see here for more information: 

https://www.ibm.com/docs/en/maas360?topic=security-using-oemconfig-apps-apply-advanced-device-configuration-policies-in-maas360

• If not natively, are there supported integrations?

Yes – we integrate with app store and platform (operating system) updates including Apple App Store and Google Play Store automatic app updating, ijndustry standard solutions such as OEMConfig and AppConfig; and for granular patch management, Windows Updates, Samsung e-FOTA One and so on. 

Secure Remote Wipe and Compliance Evidence

·        When performing remote wipe, does MaaS360 generate a formal compliance report or certificate?

Not at present but this is a feature which can be proposed using the IBM Ideas platform: https://ideas.ibm.com

·        Is it aligned with NIST 800-88 or similar standards?

MaaS360's security policies are based on the ISO 27001 standard. The ISO standards are recognized throughout the world as comprehensive and thorough sets of controls comprising best practices. MaaS360 developed these policies in conjunction with outside vendors to ensure the most comprehensive coverage of our business practices.

In addition to the ISO 27001 MaaS360 reviews the NIST (National Institute of Standards and Technology) Federal Information Processing Standards (FIPS) and Special Publication (SP) 800 series. MaaS360 enhances its security policies by implementing components of the NIST SP800-53 guideline that are relevant to its business. MaaS360 has also adopted the recently published standard from NIST regarding Risk Management Framework, NIST SP800-37. 7

------------------------------
Eamonn O'Mahony
MaaS360 Technical Sales
Dublin
------------------------------