Just before heading off to the Catalyst Conference last month, I wrote about Courion's entry into regulatory compliance services with the ComplianceCourior addition to its Identity Management Suite. Little did I know that this was just the tip of the iceberg, and lots of vendors wanted to tell me about the "compliance factor" in their new (and not so new) products.Two that you should pay attention to are from old friends Thor Technologies and Oblix.Oblix double-teamed me in the form of Prakash Ramamurthy, vice president products and technology, and Ken Sims, vice president, marketing and business development, to talk about Version 7 of CoreID, the heart and soul of Oblix' identity products.In particular, they wanted to stress that while CoreID always included all of the tools necessary for regulatory compliance, Version 7 specifically addressed the issues and the new reporting tools (from Business Objects' Crystal Reports) include built-in compliance reporting templates as well as extensibility to cover new and unforeseen compliance issues. Another new feature of CoreID 7 is the inclusion of OctetString's Virtual Directory Engine to handle synchronization, workflow and provisioning issues.Later in the week, I met with Thor's John Aisien, vice president of marketing and business development, Ranjeet Vidwans, business development manager, and Liz Safran, Thor's punctuality-challenged, but always helpful PR princess. We talked about Version 8 of Xellerate Identity Manager, which incorporates Xellerate Audit and Compliance Manager (XellerateACM).In particular, Aisien wanted to emphasize that Version 8 offered the following tools for regulatory compliance: Internal Control Definition and Enforcement; Fine-Grained Policy Control; Policy Retroactivity; Exception Reporting; and Ongoing, Continuous Audit (and he capitalizes each word as he says it).You should visit Oblix' and Thor's Web sites (see links below) to find out more about these new releases, and if you're in the market for regulatory compliance tools you should also remember to check with Courion.I don't doubt that others will follow with either new, re-packaged or "re-positioned" compliance and reporting offerings, but these three are the ones that have the market today. Still, just about any solid identity management product (or access control product) has a use in the regulatory compliance space; it's just a question of how much work you want to do on your own to cobble together a working solution.In the next issue, I'll tell you about the new (or, at least new to me) companies I came across at the Catalyst Conference. As always, there were some interesting ones.