Which version of CommVault are you running? The latest (version 9) has options during install that allow you to strip ALL the permissions for "other" and set a groupID for access (specifically for database iDAs) where a DB owner (OS user other than root) needs R/W access to the /etc/CommVault registry.
This way instead of the permissions of /etc/CommVaultRegisty being 755 for directories and 644 for files, they would be more like 750 or 640 or 660 for DB iDA.
If you are running V9, there is a utility in the Base directory (typically /opt/simpana/Base) called cvpkgchg that can be run to change/fix the permissions of the simpana install. It is a menu driven script, so just run ./cvpkgchg from the Base directory and follow the prompts. One of the options is to change permissions for other. Then you can strip ALL the permissions which hopefully will satisfy your security folks. Here is a link to some FAQS in the online documentation... Just scan the page for cvpkgchg.
Let us know if this helps.
Ernst F. Graeler
Senior Engineer III