Unsupported content

This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Monitoring BMC Cloud Lifecycle Management service compliance

Compliance and security checks are of prime importance to IT administrators who manage data centers. Security breaches frequently trace back to insufficient security and compliance checks, which leave systems vulnerable to outside attack. BMC Cloud Lifecycle Management leverages BMC Server Automation, a leading solution for creating and managing compliance content and remediating violations. BMC Server Automation patches vulnerable systems by applying security patches and regular updates. Compliance and overall security are often treated as day 2 operations, performed after a server is provisioned. Use the BMC Cloud Lifecycle Management – My Cloud Services Console or End User Portal (EUP) to set compliance as a day 2 operation in a greenfield or brownfield environment. Use the BMC Cloud Lifecycle Management – Administration Console to set compliance through the service blueprint.

A BMC Communities video series on configuring and enabling compliance in BMC Cloud Lifecycle Management is also available.


Overview of Compliance

Technical and operational standards exist to protect sensitive data held in the data center. To achieve accreditation, the data center must prove compliance with existing standards. BMC Server Automation Compliance Content libraries provide you with add-on content for BMC Server Automation, containing rule sets to automatically analyze compliance for every server in the data center. These sets of rules are based on the following standards and policies:
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Defense Information Systems Agency--Security Technical Implementation Guides (DISA STIG)
  • Sarbanes-Oxley (SOX) Act
  • Payment Card Industry (PCI) Data Security Standard (DSS) requirements developed by the PCI Security Standards Council
  • Center for Internet Security (CIS) benchmarks

Results from analyses performed based on Compliance Content component templates can be used both to document the current situation and as a basis for bringing non-compliant servers into full compliance with the standard. Using BMC Server Automation Compliance Content, you can

  • Discover relevant target servers and analyze those servers for compliance with major regulatory standards and best-practice policies
  • Remediate compliance failures that were discovered by deploying BLPackages
  • Generate reports with summaries of compliance details, similar to policy audit sheets

For a list of Compliance Content component templates, see Compliance Content component templates.

For more information about using Compliance Content add-ons to analyze and remediate compliance with standard policies, see Compliance Content analysis and remediation.

Notes

The pre-defined component templates provided in BMC Server Automation Compliance Content libraries reflect a generic interpretation of the compliance standards, and cannot take into account the specific situation within your organization. Therefore, certification cannot be assumed and is not implied based solely on successfully complying with the rules within these templates. Additional measures, such as manual compliance checks, may be required to achieve certification.

The Payment Card Industry (PCI) Data Security Standard templates are provided in separate groups per PCI DSS version (the 8.7.00.000 content listed under Setting up compliance in a Greenfield environment has PCI, PCI v2, and PCI v3 groups).

Warning

The regulatory compliance templates (policies) that BMC ships include remediation actions for many of the standard checks, so that when a rule check fails a corrective action can bring the server to the desired state. BMC recommends that customers carefully review all shipped remediation actions before using them. Each template carries an auto-remediation flag that is set to false by default, so that no change is made to a managed server when a compliance rule check fails. If the flag is set to true, BMC Server Automation changes the server as part of the remediation package Deploy Job. It is the customer's responsibility to control which remediation actions, including auto-remediation actions, are performed in their environment.

For an overview of compliance analysis and remediation, see Analyzing system compliance in the BMC Server Automation Documentation.


Supported platforms for compliance

The following table lists the platforms that support compliance:

Platform                                Compliance support, Day 1   Compliance support, Day 2
VMware                                  Supported                   Supported
LPAR                                    Supported                   Supported
Hyper-V                                 Supported                   Supported
Bare Metal                              Supported                   Supported
Physical Server                         Supported                   Supported
Xen                                     Supported                   Supported
VM Onboarding                           Not Supported               Supported
AWS                                     Supported                   Supported
vCloud Director                         Not Supported               Not Supported
OpenStack                               Supported                   Supported
Azure                                   Supported                   Supported
Azure Resource Manager (new in 4.6.06)  Supported                   Supported
Docker                                  Not Supported               Not Supported
IBM Bluemix Infrastructure              Not Supported               Not Supported
BMC Database Automation                 Not Supported               Not Supported
Cloud Foundry                           Not Supported               Not Supported

Note

Starting with version 4.6.03, service-level compliance is available for AWS, OpenStack, and Azure.



Setting up compliance in a Greenfield environment

By default, BMC Cloud Lifecycle Management supports HIPAA, PCI, SOX, DISA, CIS, and custom templates created by the BMC Server Automation administrator. To configure compliance in a new BMC Cloud Lifecycle Management installation, the cloud administrator must perform the following tasks:

  1. Locate and download the Compliance Module installer based on the platform (for example, BBSA 8.7.00 Server Automation for Windows[x64]) from the BMC EPD site http://usermanager.bmc.com/intepd after successfully installing BMC Server Automation.
    The installer contains Compliance templates, which BMC releases periodically.
  2. Unzip the downloaded file (for example, BBSA87-WIN64).
  3. Double-click the executable file (for example, Content87-WIN.exe) and install the entire content or selected content based on your requirement.

    For detailed information on BMC's Compliance solution, see Installing Compliance Content add-ons and How to load Compliance Content in the BMC Server Automation online technical documentation.

    The 8.7.00.000 content includes the following template groups:

    SOX Templates 8.7.00.000
        SOX AIX 8.7.00.000
        SOX HPUX 8.7.00.000
        SOX RedHat Linux 8.7.00.000
        SOX Solaris 10 8.7.00.000
        SOX Solaris 8/9 8.7.00.000
        SOX SuSE Linux 8.7.00.000
        SOX Win03 v2.0 8.7.00.000
    HIPAA Templates 8.7.00.000
        HIPAA AIX 8.7.00.000
        HIPAA HPUX 8.7.00.000
        HIPAA Solaris 10 8.7.00.000
        HIPAA Solaris 8/9 8.7.00.000
        HIPAA Suse Template 8.7.00.000
        HIPAA Red Hat Enterprise Linux 5 8.7.00.000
        HIPAA Red Hat Enterprise Linux 6 8.7.00.000
        HIPAA Red Hat Enterprise Linux 7 8.7.00.000
        HIPAA Windows Server 2003 8.7.00.000
        HIPAA Windows Server 2008 8.7.00.000
        HIPAA Windows Server 2012 8.7.00.000
    PCI Templates 8.7.00.000
        PCI HPUX 8.7.00.000
        PCI Solaris 10 8.7.00.000
        PCI Solaris 8/9 8.7.00.000
        PCI Win03 v2.0 8.7.00.000
    PCI v2 Templates 8.7.00.000
        PCI v2 Windows 2008 8.7.00.000
        PCI v2 RedHat Linux 5 8.7.00.000
    PCI v3 Templates 8.7.00.000
        PCI v3 Windows 2012 8.7.00.000
        PCI v3 RedHat Linux 6 8.7.00.000
        PCI v3 AIX 5.3 and 6.1 8.7.00.000
        PCI v3 AIX 7.1 8.7.00.000
        PCI v3 SuSE Linux Enterprise Server 10 8.7.00.000
        PCI v3 SUSE Linux Enterprise Server 11 8.7.00.000
    DISA Templates 8.7.00.000
        DISA AIX 6.1 8.7.00.000
        DISA HPUX 11.23 8.7.00.000
        DISA HPUX 11.31 8.7.00.000
        DISA Red Hat Enterprise Linux 5 8.7.00.000
        DISA Red Hat Enterprise Linux 6 8.7.00.000
        DISA Solaris 10 SPARC 8.7.00.000
        DISA Solaris 10 X86 8.7.00.000
        DISA Solaris 11 SPARC 8.7.00.000
        DISA Solaris 11 X86 8.7.00.000
        DISA Windows Server 2003 MS 8.7.00.000
        DISA Windows Server 2003 DC 8.7.00.000
        DISA Windows Server 2008 DC 8.7.00.000
        DISA Windows Server 2008 MS 8.7.00.000
        DISA Windows Server 2008 R2 MS 8.7.00.000
        DISA Windows Server 2008 R2 DC 8.7.00.000
        DISA Windows Server 2012 DC 8.7.00.000
        DISA Windows Server 2012 MS 8.7.00.000
    CIS Templates 8.7.00.000
        CIS Windows 2008 8.7.00.000
        CIS Windows 2012 8.7.00.000
        CIS Windows Server 2003 for Domain Controllers 8.7.00.000
        CIS Windows Server 2003 for Member Servers 8.7.00.000
        CIS AIX 5.3 and 6.1 8.7.00.000
        CIS AIX 7.1 8.7.00.000
        CIS RedHat Linux 5 8.7.00.000
        CIS RedHat Linux 6 8.7.00.000
        CIS SuSE Linux Enterprise Server 10 8.7.00.000
        CIS SUSE Linux Enterprise Server 11 8.7.00.000
        CIS Windows 2012 R2 8.7.00.000
        CIS RedHat Linux 7 8.7.00.000
        CIS Windows 2008 R2 8.7.00.000
        CIS Oracle Solaris 11.1 8.7.00.000


    Note

    If the cloud administrator uses domain-based user authentication instead of the standard BLAdmin user, the cloud administrator must ensure that the specified domain user has read, write, and execute permissions on BMC Server Automation objects.

  4. Restart the Platform Manager.
    Compliance jobs are then created automatically. These jobs are visible as compliance standards in BMC Cloud Lifecycle Management.
  5. (Optional) To enable compliance during provisioning, ensure that you select the Enable auto-discovery check box in BMC Server Automation for the specific compliance job that you selected when you set up the service blueprint.


Setting up compliance in a Brownfield environment

To configure compliance in BMC Cloud Lifecycle Management when BMC Server Automation is already in place with the compliance feature up and running, the cloud administrator must integrate the existing BMC Server Automation server with the BMC Cloud Lifecycle Management environment by performing the following tasks:

  1. Use the BMC BladeLogic Server Automation Console to log in to the BMC Server Automation application server.
  2. Navigate to a specific job (for example, CIS_Daily).
  3. Set the CSM_OPS_DISCOVERABLE job property to true.

    Note

    CSM_OPS_DISCOVERABLE is added automatically to the Job Property class on the BMC Server Automation server when BMC Cloud Lifecycle Management starts up and connects to BMC Server Automation. In other words, in a brownfield environment the property is created automatically during startup when you upgrade to BMC Cloud Lifecycle Management version 4.6.

    The selected compliance jobs show as compliance standards in BMC Cloud Lifecycle Management at the next scheduled update.

  4. (Optional) To enable compliance during provisioning, ensure that you select the Enable auto-discovery check box in BMC Server Automation for the specific compliance job that you selected when you set up the service blueprint.

Note

If you change the compliance content after the existing Compliance jobs have been created, the new content is not automatically added to those jobs. The BMC Server Automation administrator (BLAdmin) must manually add the new templates to the Compliance jobs and run the necessary Discovery jobs for the existing servers. Servers provisioned after the new templates are added are discovered automatically with the new templates in the respective jobs.


Configuring compliance for third-party providers

From version 4.6.03 onward, setting up compliance for platforms such as Azure, Amazon Web Services (AWS), and OpenStack is similar to setting it up for BMC Server Automation, which is an on-premises provider. For details on how to set compliance, see Creating, copying, or editing a service blueprint and Configuring compliance for multiple servers.

Prerequisites

Before you enable compliance for third-party providers, ensure that the following prerequisites are met:

  • The RSCD agent is installed and running on the provisioned VM.
  • The provisioned VM is on a network that BMC Server Automation can reach, so that the RSCD agent is accessible from BMC Server Automation when the Compliance Job runs.

Note

The Compliance Job status does not show up in BMC Server Automation while the Compliance Jobs are still queued for execution. By design, the RSCD endpoints of Azure instances cannot all be open at the same time: the CloudService port-forwarding logic opens only one VM port at a time. As a workaround, use a VPN, or configure a start hook and an end hook in the Compliance Job that open the port before the job runs and close it afterwards.


Configuring compliance for a single server

If compliance is not configured at service definition time or compliance needs to be changed post provisioning, the cloud administrator can configure compliance using the My Cloud Services console or End User Portal (EUP).

Perform the following steps if you want to specify a compliance standard for a single server:   

  1. Navigate to My Cloud Services console > My Resources tab > Resource list.
  2. Click the hyperlink for the specific server as shown in the following figure:
  3. On the Server details page, click Configure Compliance as shown in the following figure:


    Note

    You can also perform steps 2 and 3 by selecting the check box to the left of the specific server, and then from the Actions section, selecting Configure Compliance. Note that the Actions section appears on specific column values depending on the context.

  4. On the Configure Compliance dialog box, in the Search Compliance Jobs field, specify a compliance job that must be run.

    Note

    By default, compliance jobs are scheduled Daily, Weekly, or Monthly. Compliance is designed to run in compliance windows set by the BMC Server Automation administrator, and compliance jobs run on the schedules that administrator sets.

    To schedule compliance jobs, the BMC Server Automation administrator must perform the following tasks:

    1. Use the BMC BladeLogic Server Automation Console to log in to the BMC Server Automation application server.
    2. Navigate to a specific job (for example, DISA_Weekly).
    3. Double-click the selected job and go to Schedule.
    4. Edit the existing schedule to set a value based on the organization's compliance window.

    For details about setting compliance schedules in BMC Server Automation, see Compliance Job - Scheduling.


  5. Click OK.
    Once compliance is configured, the compliance of your servers is displayed as shown in the following figure:

     

  6. (Optional) Modify the existing compliance or add new compliance by clicking Add/Remove Jobs.

    Note

    On the My Cloud Services console > My Resources tab > Compliance pane, the details for a selected server show only the last job run, even if multiple compliance jobs are associated with that server. For example, if the server has three jobs, the Compliance pane does not show details for all three; it shows the last-run status details of one job only.

  7. (Optional) Clear the selected compliance standards from a server to remove any associated compliance.

    Note

    If PCI compliance is set for a server, the Discovery Job creates a compliance component for that server under the PCI template. If you later change the compliance to DISA, a new component is created for the server under DISA, but the PCI component is not deleted. The earlier (PCI) component is harmless, but it is not cleaned up automatically; it remains in BMC Server Automation until the server is decommissioned.

    Therefore, when you change the compliance standard for a server, manually delete the old discovery signature from BMC Server Automation.


Configuring compliance for multiple servers

The cloud administrator must select multiple servers to perform the following actions:


Adding the same compliance standard to several servers at a time 

The cloud administrator must perform the following steps to specify the same compliance standard for several servers at a time:

  1. Navigate to My Cloud Services console > My Resources tab > Resource list.
  2. Select one or more check boxes to the left of the servers list.

  3. Click the Actions menu.
    The Actions menu appears on specific column values depending on the context.
  4. Select Configure Compliance from the menu.
  5. On the Configure Compliance dialog box, in the Search Compliance Jobs field, specify a compliance job that must be run.
  6. Click OK.


Changing the existing compliance standard on several servers at a time 

The cloud administrator must perform the following steps to modify the compliance standard for several servers at a time:

  1. Navigate to My Cloud Services console > My Resources tab > Resource list.
  2. Select one or more check boxes to the left of the servers list.

  3. Click the Actions menu.
    The Actions menu appears on specific column values depending on the context.
  4. Select Configure Compliance from the menu.
  5. On the Configure Compliance dialog box, under the Search Compliance Jobs field, clear the check box for the existing compliance job or specify an additional compliance job.
    In the following example, the same compliance jobs, PCI_Daily and HIPPA_Daily, exist on all the selected servers:


    In the following example, different compliance jobs, PCI_Daily and SOX_Daily, exist on the selected servers:

  6. Click OK.


Viewing the Activity Log when compliance is configured

After compliance is configured, cloud administrators can navigate to My Cloud Services console > My Resources tab > Activity Log to view the progress or check whether any failures occurred during the process.

The following figure shows the Activity Log as soon as compliance is set:

The following figure shows the Activity Log when compliance configuration is in progress:

The following figure shows the Activity Log when compliance configuration is completed:

The following table lists the activities that take place when you configure compliance for the two servers shown in the preceding figure:

Activity                                       Description
Server - Server Activity                       Main job triggered to configure compliance on both servers
Server - byqcert-1                             Compliance configuration job on the first server
Server - sant -1                               Compliance configuration job on the second server
Service - Windows 2008 with Custom Inputs -1   Service affected by the compliance configuration job on the first server
Service - SantoshKamble - 1                    Service affected by the compliance configuration job on the second server


Interpreting the compliance result

Cloud administrators, tenant administrators, and end users can view the compliance results displayed for each server and for each service. The compliance result for a server is a direct reflection of the results fetched from BMC Server Automation. The compliance percentage for a server is calculated as the total number of successful rules divided by the total number of rules, summed over all of the compliance jobs configured on that server.

For example, consider a server that has PCI and CIS configured, each with 100 rules. After both the PCI and CIS job runs complete, say that the numbers of successful rules are 85 and 91 respectively. The compliance percentage for the server is then 176/200 = 88.00%.

For a service, the lowest compliance percentage attained by any of its servers is displayed.

Icons in the COMPLIANCE RESULT column indicate the overall compliance for the servers on which compliance is configured. 

  • A green check mark indicates that the server is COMPLIANT.
  • An orange check mark indicates that the server is COMPLIANT_WITH_FAILURES. Monitor those failures and consider remediation to improve the overall compliance health.
  • A red check mark indicates that the server is NON_COMPLIANT.
  • A grey check mark indicates that the server compliance is UNKNOWN. BMC Cloud Lifecycle Management cannot determine the compliance for that server because the compliance job fails or has not yet run.

Interpreting the Server Compliance state (Server COMPLIANCE RESULT column in the EUP)

  • If all the jobs are in NOT_RUN state (-), the server state is NOT_RUN (-).
  • If one of the jobs is COMPLIANT and all the remaining jobs are NOT_RUN, the server state is COMPLIANT.
  • If one of the jobs is NON_COMPLIANT, the server state is NON_COMPLIANT irrespective of the other job states.
  • If one of the jobs is UNKNOWN, the server state is UNKNOWN.

Interpreting the Service Compliance state (Service COMPLIANCE RESULT column in the EUP)

  • If all the servers are in NOT_RUN state, the service state is NOT_RUN.
  • If one of the servers is COMPLIANT and all the remaining servers are NOT_RUN, the service state is COMPLIANT.
  • If one of the servers is NON_COMPLIANT, the service state is NON_COMPLIANT irrespective of the other server states.
  • If one of the servers is UNKNOWN, the service state is UNKNOWN.

Interpreting the Server/Service Job state (COMPLIANCE JOB STATUS column in the EUP)

  • If all the jobs are in COMPLETED state, the COMPLIANCE JOB STATUS is COMPLETED.
  • If one of the jobs is in NOT_RUN state and all the remaining jobs are COMPLETED, the COMPLIANCE JOB STATUS is CONFIGURED_NOT_RUN.
  • If one of the jobs is in FAILED state, the COMPLIANCE JOB STATUS is FAILED irrespective of the other job states.

Notes

The compliance result is computed from the count of rules that succeed, not from the identity of individual rules. Therefore, if the same rule has been added to several of the compliance jobs that qualify a server, each copy is counted separately, and a failure of that rule shows up as a collective failure across those jobs.

When a compliance standard is associated with a server, two automated tasks are performed:

  • Adding the server to the specified smart group designed for the Compliance job
  • Running an internal Discovery job, which qualifies the server for a specific compliance template. If a failure occurs in the Discovery job, the compliance result for the server is not computed. The BMC Server Automation administrator must correct the anomalies, which are generally due to a mismatch such as a Windows 2008 template being validated for a server running Windows 2012 R2.

 


Customizing configuration for compliance

The cloud administrator can set the compliance result polling interval and the compliance threshold percentages by updating the following properties in the providers.json file:

  • BBSA_OPS_COMPLIANCE_RESULT_FETCH_INTERVAL: The interval, in minutes, after which the Platform Manager checks with BMC Server Automation for results from the Compliance Jobs (shipped default 5).
  • COMPLIANCE_PERCENTAGE_THRESHOLD_MAX: The upper compliance limit, as a percentage (shipped default 50.0). Percentage values equal to or greater than this value are COMPLIANT.
  • COMPLIANCE_PERCENTAGE_THRESHOLD_MIN: The lower compliance limit, as a percentage (shipped default 40.0).
    • Percentage values equal to or greater than this value but less than COMPLIANCE_PERCENTAGE_THRESHOLD_MAX are COMPLIANT_WITH_FAILURES.
    • Percentage values less than this value are NON_COMPLIANT.

All three attributes are defined with "modifiableWithoutRestart" : false, so restart the Platform Manager after editing providers.json for the new values to take effect. Note that with the shipped defaults a server that passes only half of its rules is shown as COMPLIANT; set the thresholds to match your organization's policy. The following excerpts from providers.json show the three attributes with their shipped defaults:

      {
          "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
          "accessAttribute" : {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "INTEGER",
            "description" : "Compliance Result fetching interval in minutes.",
            "guid" : "b1a83fa7-824c-42ce-844a-58c228e0bd36",
            "isOptional" : true,
            "isPassword" : false,
            "modifiableWithoutRestart" : false,
            "name" : "BBSA_OPS_COMPLIANCE_RESULT_FETCH_INTERVAL"
          },
          "attributeValue" : "5",
          "description" : "Compliance Result fetching interval in minutes.",
          "guid" : "3ff7c16a-970e-45a6-9971-26296e7831f8",
          "name" : "BBSA_OPS_COMPLIANCE_RESULT_FETCH_INTERVAL"
        }
      {
        "cloudClass" : "com.bmc.cloud.model.beans.Provider",
        "accessValues" : [ {
          "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
          "accessAttribute" : {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "FLOAT",
            "description" : "Compliance percentage threshold below which the server compliance state will be shown NON-Compliant (RED) in UI.",
            "guid" : "291e5ddb-5719-43e0-a4b3-747b423e1328",
            "isOptional" : true,
            "isPassword" : false,
            "modifiableWithoutRestart" : false,
            "name" : "COMPLIANCE_PERCENTAGE_THRESHOLD_MIN"
          },
          "attributeValue" : "40.0",
          "description" : "Compliance percentage threshold below which the server compliance state will be shown NON-Compliant (RED) in UI.",
          "guid" : "404aab03-275a-49c5-a034-1e001c21dd47",
          "name" : "COMPLIANCE_PERCENTAGE_THRESHOLD_MIN"
        }, {
          "cloudClass" : "com.bmc.cloud.model.beans.AccessAttributeValue",
          "accessAttribute" : {
            "cloudClass" : "com.bmc.cloud.model.beans.AccessAttribute",
            "datatype" : "FLOAT",
            "description" : "Compliance percentage threshold above which the server compliance state will be shown Compliant (Green) in UI.",
            "guid" : "a02161d0-4406-433f-a246-3738ec9ce4ef",
            "isOptional" : true,
            "isPassword" : false,
            "modifiableWithoutRestart" : false,
            "name" : "COMPLIANCE_PERCENTAGE_THRESHOLD_MAX"
          },
          "attributeValue" : "50.0",
          "description" : "Compliance percentage threshold above which the server compliance state will be shown Compliant (Green) in UI.",
          "guid" : "52526c7a-2490-41af-8944-7d05004330e7",
          "name" : "COMPLIANCE_PERCENTAGE_THRESHOLD_MAX"
        }

      The following figure shows compliance thresholds pictorially:
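As an added worked example (not BMC code, and not part of the original page), the following Python reproduces the roll-up rules from Interpreting the compliance result together with the threshold classification above, so that a value shown in the EUP can be reconciled offline. It assumes a per-job record that carries the job's BMC Server Automation state, its job status, and the last run's passed and total rule counts, which the page does not define; where two of the page's rules could both apply, it assumes NON_COMPLIANT takes precedence over UNKNOWN (the page says "irrespective of other job states" only for NON_COMPLIANT) and FAILED over NOT_RUN. The providers.json excerpt is constructed in the shape shown above, with the shipped default values.

```python
"""Compliance roll-up rules from this page, as an added worked example (not BMC code).

Assumptions not stated on the page: a job result carries its BMC Server Automation
state, its job status and the last run's passed/total rule counts; where two of the
page's rules could both apply, NON_COMPLIANT beats UNKNOWN and FAILED beats NOT_RUN.
"""
import json
from dataclasses import dataclass

# Constructed excerpt in the providers.json shape shown above; the attribute names
# and the defaults 40.0 / 50.0 / 5 are the ones the page lists.
PROVIDERS_JSON_EXCERPT = """[
 {"name": "COMPLIANCE_PERCENTAGE_THRESHOLD_MIN", "attributeValue": "40.0"},
 {"name": "COMPLIANCE_PERCENTAGE_THRESHOLD_MAX", "attributeValue": "50.0"},
 {"name": "BBSA_OPS_COMPLIANCE_RESULT_FETCH_INTERVAL", "attributeValue": "5"}
]"""


@dataclass
class JobResult:
    name: str    # e.g. "PCI_Daily"
    state: str   # COMPLIANT | NON_COMPLIANT | UNKNOWN | NOT_RUN
    status: str  # COMPLETED | FAILED | NOT_RUN
    passed: int  # rules that succeeded in the last run
    total: int   # rules evaluated in the last run


def load_thresholds(access_values_json):
    """Return (MIN, MAX) and reject a setting that could never classify sensibly."""
    values = {v["name"]: v["attributeValue"] for v in json.loads(access_values_json)}
    lo = float(values["COMPLIANCE_PERCENTAGE_THRESHOLD_MIN"])
    hi = float(values["COMPLIANCE_PERCENTAGE_THRESHOLD_MAX"])
    if not 0.0 <= lo <= hi <= 100.0:
        raise ValueError(f"need 0 <= MIN <= MAX <= 100, got MIN={lo} MAX={hi}")
    return lo, hi


def compliance_percentage(jobs):
    """Successful rules / total rules over all jobs; a rule present in two jobs counts twice."""
    total = sum(j.total for j in jobs)
    return round(100.0 * sum(j.passed for j in jobs) / total, 2) if total else 0.0


def classify(pct, lo, hi):
    """The COMPLIANCE RESULT icon for a percentage, using the two thresholds."""
    if pct >= hi:
        return "COMPLIANT"
    return "COMPLIANT_WITH_FAILURES" if pct >= lo else "NON_COMPLIANT"


def roll_up_state(states):
    """Server state from its job states, or service state from its server states."""
    for winner in ("NON_COMPLIANT", "UNKNOWN", "COMPLIANT"):
        if winner in states:
            return winner
    return "NOT_RUN"


def roll_up_job_status(statuses):
    """The COMPLIANCE JOB STATUS column, over every job involved."""
    if "FAILED" in statuses:
        return "FAILED"
    return "CONFIGURED_NOT_RUN" if "NOT_RUN" in statuses else "COMPLETED"


def server_summary(jobs, lo, hi):
    pct = compliance_percentage(jobs)
    return {"percentage": pct, "result": classify(pct, lo, hi),
            "state": roll_up_state([j.state for j in jobs]),
            "job_status": roll_up_job_status([j.status for j in jobs])}


def service_summary(servers, lo, hi):
    """A service shows the lowest percentage of its servers; state rolls up from the
    server states and job status from every job on every server."""
    rows = [server_summary(jobs, lo, hi) for jobs in servers]
    return {"percentage": min(r["percentage"] for r in rows),
            "state": roll_up_state([r["state"] for r in rows]),
            "job_status": roll_up_job_status([j.status for jobs in servers for j in jobs])}


# Constructed sample: the page's 85/100 + 91/100 server, plus a second server whose
# weekly DISA job has not run yet and whose SOX job completed with most rules failing.
SERVER_A = [JobResult("PCI_Daily", "COMPLIANT", "COMPLETED", 85, 100),
            JobResult("CIS_Daily", "COMPLIANT", "COMPLETED", 91, 100)]
SERVER_B = [JobResult("DISA_Weekly", "NOT_RUN", "NOT_RUN", 0, 0),
            JobResult("SOX_Daily", "NON_COMPLIANT", "COMPLETED", 30, 100)]

if __name__ == "__main__":
    lo, hi = load_thresholds(PROVIDERS_JSON_EXCERPT)
    print(server_summary(SERVER_A, lo, hi))               # 88.0, COMPLIANT
    print(service_summary([SERVER_A, SERVER_B], lo, hi))  # 30.0, NON_COMPLIANT
```

Running the file prints the summary for the page's 85/100 + 91/100 server (88.0 percent, COMPLIANT, all jobs COMPLETED) and for a two-server service whose second server drags the service down to 30.0 percent and NON_COMPLIANT with a job status of CONFIGURED_NOT_RUN. load_thresholds rejects a MIN above MAX or a value outside 0 to 100 before such a setting is written into providers.json, which is worth doing because the Platform Manager only picks the values up after a restart.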



Decommissioning compliance

The cloud administrator must perform the following steps to decommission the compliance jobs for several servers at a time:

  1. Navigate to My Cloud Services console > My Resources tab > Resource list.
  2. Select one or more check boxes to the left of the servers list.

  3. Click the Actions menu.
    The Actions menu appears on specific column values depending on the context.
  4. Select Configure Compliance from the menu.
  5. On the Configure Compliance dialog box, under the Search Compliance Jobs field, clear the check box for the existing compliance jobs.
  6. Click OK.


