Xacta IA Manager: USGCB scanning and SCAP support for greater assurance of your security posture.


  • Continuously scan endpoint systems for patches and vulnerabilities by leveraging Security Content Automation Protocol content
  • Simplify asset configuration compliance auditing to ensure compliance with U.S. Government Configuration Baseline (USGCB) checklists for Windows XP, Vista and Windows 7 platforms
  • Streamline the collection of information needed to evaluate, measure, and report IT risk and compliance
  • Support OVAL and Xacta HostInfo JavaScript for automated system checks
  • Generate an XCCDF-formatted output file containing configuration check results
  • Generate HTML results with links to the National Vulnerability Database showing CVSS base scores for vulnerabilities indexed by CVE identifiers

Xacta IA Manager serves as a USGCB scanner that automates validating systems against USGCB standards, and it supports the use of SCAP content to determine compliance with USGCB and other XCCDF checklists.

Xacta IA Manager’s HostInfo supports vulnerability checking by executing Open Vulnerability Assessment Language (OVAL) definitions, then producing vulnerability scan results in HTML format that enable users to easily find details about vulnerabilities. Hyperlinked references to the National Vulnerability Database (NVD) concerning the vulnerabilities are also included, giving users the information they need to further investigate the vulnerability and identify the appropriate remediation strategy.

HostInfo supports compliance checking by executing rules provided in SCAP-based benchmarks and saving the results in an XCCDF-formatted output file. The SCAP features of HostInfo are available in the utility mode of operation. In utility mode, HostInfo can process an XCCDF benchmark document, apply the specified profile, and perform compliance checking in accordance with the rules in the XCCDF document.

The XCCDF specification allows the use of different checking systems for automatic checks.  HostInfo supports two checking systems: OVAL and Xacta HostInfo JavaScript.  This enables the use of two checking systems in the same XCCDF document.  HostInfo can also include the input benchmark XCCDF data within the resulting XCCDF output document.

Xacta IA Manager users can use this information as part of a system-based risk management effort, as well as create plans of action and milestones (POA&Ms) for the associated remediation. Additionally, the output XCCDF document may be used for configuration reporting to authoritative oversight organizations.



SCAP is a government-led, multi-agency initiative to enable automation and standardization of technical security operations, such as policy compliance checking. SCAP is based on several evolving standards:

CVE -- Standard nomenclature and dictionary of security-related software flaws
CCE -- Standard nomenclature and dictionary of software misconfigurations
CPE -- Standard nomenclature and dictionary for product naming and versioning
XCCDF -- Standard XML for checklists and for reporting results of checklist evaluation
CVSS -- Standard XML schema for vulnerability scoring
OVAL -- Standard XML for defining configuration checks