Xacta^® IA Manager: Features and Minimum System Requirements.

Xacta IA Manager’s risk and compliance management features coupled with its process automation capabilities enable:

Implementation Priority: In support of NIST 800-53 Revision 4, “Recommended Security Controls for Federal Information Systems and Organizations”

Continuous Monitoring: Streamlines processes for continuous monitoring and security risk assessment.

CyberScope-ready Output: Formats output according to the Security Content Automation Protocol (SCAP) for consumption by CyberScope for FISMA reporting.

Extensible Publishing: Fast and easy modification of existing templates and simpler creation of new ones; includes a complete array of standard templates for DIACAP documentation as well as the new CAP-IT (Certification and Accreditation Package Input Toolkit) format

Controls Inheritance: Allows common security controls to be inherited across systems for operations in the relevant hierarchy branch to reduce the complexity and cost of security administration

Privacy Impact Assessments (PIA): Supports production of privacy impact assessments (PIA) in keeping with federal guidelines

Reference Relationships: Establishes reference-extension relationships between projects to ensure accurate configuration notifications and reporting for “type-accredited” systems protections

Asset Awareness / Hardware / Software Inventory: Capture and report on a rich collection of demographic information regarding each IP device — asset inventory, physical location and ownership information, operating system configuration data, and hardware and software inventory.

Security Configuration Scanning: Continuously check on the status of your systems to ensure they’re optimized for greatest security.

Security Requirements Evaluation: Relate IT asset data to an extensive set of security requirements that are provided with the IA Manager knowledge base.

Publishing and Reporting: Automatically generate the documentation needed to report on and comply with the leading compliance regulations, including DIACAP, NIST, CNSS, FISMA, ISO 27002, HIPAA, and GLBA.

USGCB/ SCAP: Simplify asset configuration compliance auditing to ensure compliance with United States Government Configuration Baseline (USGCB) checklists for Windows platform scanner capability; continuously scan endpoint systems for patches and vulnerabilities by leveraging Security Content Automation Protocol (SCAP) content

Continuous Risk and Compliance Assessment: The only commercially available product that is able to perform continuous risk and compliance assessment as an on-going business process as specified in standards such as DIACAP (Phase IV), NIST 800-37 (Risk Management Framework), and NIST 800-137 (Continuous Monitoring).

Automated Vulnerability Assessment and Management: Automate the correlation between your vast inventory of devices and the ever-increasing array of vulnerabilities encountered every day; includes manual and automated mechanisms necessary to quickly add new vulnerabilities to the Xacta IA Manager knowledge-base, integrated asset discovery utilities, and vulnerability scanning tools that are required to detect the presence of known vulnerabilities.

Automated Vulnerability Remediation: Xacta IA Manager’s process integration capabilities enable you to respond immediately to critical situations by programming vulnerabilities to automatically trigger the appropriate actions. You can alert key personnel and automate the distribution and installation of critical software patches and upgrades across the enterprise, assuring that your security posture is always current.

Vulnerability Risk and Compliance Reporting: Xacta IA Manager allows you to determine compliance and risk posture as it relates to vulnerabilities by comparing vulnerability information to your asset information and determining which assets are susceptible.

Minimum System Requirements for Xacta^® IA Manager Product Suite 

All specifications listed are "minimums." For best performance, Telos^® recommends multi-CPU servers and additional RAM.

Client Specifications

• Operating System – Microsoft XP, Microsoft Vista, Microsoft 7
• MS Office – MS Office 2003 or greater⁶
• PDF –Adobe Acrobat Reader 8.0 or higher⁶
• Browser –Internet Explorer 8 or Firefox 3.x (TLS 1.0 and JavaScript enabled)

Assessment Engine

Assessment Engine can be scaled from single user workstations, organizational networks, all the way up to enterprise implementation. The Xacta IA Manager technologies are database driven web applications.¹

Deployment Option – Single Server

• Recommended for small networks or for a standalone system typically employed by those performing static compliance/risk assessments
• Suitable for up to 10 projects

Application, Database and Publishing Servers

• Dual core processor (2.65GHZ processors) or faster
• 4GB RAM
• 120GB Hard Drive
• MS Windows 2003 / Vista^2,8 /Windows 7⁸
• MS Office³ 2003/2007 / 2010
• MS .NET 3.5, Service Pack 1 or higher
• MS SQL Server Express 2008⁴ (provided on install CD) or MS SQL Server 2005 / 2008
• Windows Installer 4.5 (required for MS SQL Express 2008 installs)

Deployment Option – Standard Network

• Recommended for medium-sized enterprises or regional installations that are part of a larger distributed installation
• Suitable for up to 50 projects
• Recommended configuration for a standard network deployment consists of two server-class machines: an application server and a database/publishing server

 Application Server

• Dual core processors (2.6 GHZ processors) or faster
• 8GB RAM (4 GB allocated to JVM)
• 200GB Hard Drive
• MS Windows Server 2003 x64 Edition/2008 x64 Edition

 Database and Publishing Servers

• Dual core processors (2.6 GHZ processors) or faster
• 8GB RAM
• 300 GB Hard Drive
• MS Windows Server 2003/2008⁸ or Unix (DB only)
• MS Office³ 2003 / 2007 / 2010
• MS SQL Server 2005 / 2008 or Oracle 10g / 11g
• MS .NET 3.5, Service Pack 1 or higher

Deployment Option – High Volume⁷

• Recommended for enterprises having greater than 50 projects and wishing to maintain centralized control over the data
• The recommended configuration for a high-volume network deployment consists of three server-class machines: an application server, a database server, and a publishing server.

 Application Server

• Dual, Quad core x64 processors (2.6 GHZ Processor) or faster
• 12GB RAM (8 GB allocated to JVM)
• 500 GB Hard Drive
• MS Windows Server 2003 x64 Edition/2008 x64 Edition

 Database Server⁵

• Dual, Quad core x64 processors (2.6 GHZ Processor) or faster
• 12 GB RAM (Oracle: 8 GB allocated for SGA)
• 1 TB Hard Drive
• MS Windows Server x64 2003/x64 2008 or Unix x64
• MS SQL Server x64 2005/2008 or Oracle 10g / 11g

 Publishing Server

• Dual, Quad core x64 processors (2.6 GHZ Processor) or faster
• 4 GB RAM
• 100 GB Hard Drive
• MS Windows Server 2003/2008^2,8
• MS Office³ 2003 / 2007 / 2010
• MS .NET 3.5, Service Pack 1 or higher

Continuous Assessment

Continuous Assessment is comprised of Xacta® Asset Manager™ and one or more Xacta® Detect™ Servers.  Xacta® Asset Manager™ is the central repository for asset information reported by Xacta® Detect Server. Xacta® Detect Server passes asset information requests by Asset Manager™ to HostInfo agents. A single Xacta® Detect Server can communicate with up to 10,000 HostInfo agents. For smaller environments of less than 500 agents, Xacta® Asset Manager™ and Xacta® Detect Server can be installed on a single server. Both Xacta® Asset Manager™ and Xacta® Detect Server require access to a database management system (DBMS).

Basic Deployment (up to 2,000 agents)

Xacta Asset Manager

Application Server

• Dual core processors (2.6 GHZ processors) or faster
• 8GB RAM (4 GB allocated to JVM)
• 200GB Hard Drive
• MS Windows Server 2003 x64 Edition/2008 x64 Edition

Database Server

• Dual core processors (2.6 GHZ processors) or faster
• 8GB RAM
• 300 GB Hard Drive
• MS Windows Server 2003/2008 or Unix
• MS SQL Server 2005 / 2008 or Oracle 10g / 11g

 Xacta Detect Server⁵

Application Server

• Dual core processors (2.6 GHZ processors) or faster
• 4GB RAM (8GB for x64)
  (1.5 GB allocated to JVM/4GB for x64)
• 100GB Hard Drive
• MS Windows Server 2003 / 2008

Database Server

• Dual core processors (2.6 GHZ processors) or faster
• 8GB RAM
• 200 GB Hard Drive
• MS Windows Server 2003/2008 or Unix
• MS SQL Server 2005 / 2008 or Oracle 10g / 11g

Enterprise Deployment (Greater than 2,000 agents)

Xacta Asset Manager

Application Server

• Dual core processors (2.6 GHZ processors) or faster
• 10 GB RAM (6GB allocated to JVM)
• 200 GB Hard Drive
• MS Windows Server 2003 x64 Editiona / 2008 x64 Edition

Database Server

• Dual core processors (2.6 GHZ processors) or faster
• 16 GB RAM
• 500 GB Hard Drive
• MS Windows Server 2003/2008 or Unix
• MS SQL Server 2005/2008 or Oracle 10g/11g

Xacta Detect Server⁵
(Recommend no more than 4,000 agents per Detect Server)

Application Server

• Dual core processors (2.6 GHZ processors) or faster
• 4 GB RAM (8GB for x64)
  (1.5 GB allocated to JVM / 4GB for x64)
• 200 GB Hard Drive
• MS Windows Server 2003/2008 (x64 recommended)

Database Server

• Dual core processors (2.6 GHZ processors) or faster
• 8 GB RAM
• 300 GB Hard Drive
• MS Windows SErver 2003/2008 or Oreacle 10g/11g

Xacta^® HostInfo™

This is a family of host-specific software used for security-relevant configuration information collection and assessment. HostInfo™ can be run as a one-time executable or installed as an agent to support Continuous Assessment and Process Enforcer. 

Platforms Supported

• MS Windows 2000/XP/2003/2008/Vista/7

Process Enforcement

Process Enforcement is comprised of Xacta Distribution Manager™ and Process Enforcement.  Xacta Distribution Manager™ manages remediation packages. Process Enforcement manages workflows, and it has two client components.  Both Xacta Distribution Manager™ and Xacta Process Enforcement require access to a database management system (DBMS).

Xacta Distribution Manager Server

• Dual core processor (2.65GHZ processors) or faster
• 2GB RAM
• 120GB Hard Drive
• MS Windows Server 2003
• MS SQL Server Express⁴ (provided on install CD), MS SQL Server 2000 SP3/2005, or Oracle 9i/10g
• Windows Installer 4.5 (required for MS SQL Express 2008 installs)

Process Enforcement Server

• Dual core processor (2.65GHZ processors) or faster
• 4GB RAM
• 240GB Hard Drive
• MS Windows Server 2003
• MS SQL Server Express⁴ (provided on install CD), MS SQL Server 2000 SP4/2005, or Oracle 9i/10g
• Windows Installer 4.5 (required for MS SQL Express 2008 installs)

Process Enforcement Clients

Process enforcement Design Console

• Dual core processor (2.65GHZ processors) or faster
• 1GB RAM
• MS Windows Server/Professional 2000/XP

Task Manager and Report Tool

• Dual core processor (2.65GHZ processors) or faster
• 1GB RAM
• MS Windows Server/Professional 2000/XP
• Internet Explorer v6

Notes:

¹Recommended Installation and Administration Skills: MS Windows administration skills, MS SQL Server or Oracle database administration knowledge, and general Internet and TCP/IP networking knowledge.
²For Windows Vista and 2008, the Publisher component of Assessment Engine requires special configuration after installation in order to support PDF document/report production. (Please review reference manual for configuration instructions.)
³MS Office Installation: The Xacta Publisher component requires all MS Word files and libraries to be installed. Therefore, when you run the MS Office installation program, you should select the full installation option, referred to as "Run from my computer" in the MS Office installation routine. Do not select the "Run from CD" or "Typical Installation" option. The Xacta Publisher requires valid administrator login for proper operation. All MS Word documents are published in MS Office 97-2003 mode.
⁴MS SQL Express (formerly known as MSDE) has 4GB limitation and is only recommended for small environments.
⁵Detect Server's discovery scanning functionality is only supported when installed on a supported, 32-bit platform. PDF signing is currently not available.
⁶MS Office (Word and Excel) and Adobe Acrobat Reader are required on client systems for viewing of published documents.
⁷High Volume deployments running under VMs require CPU and memory reservations as specified in the above chart. 
⁸For Windows Vista, 7 and 2008, the Publisher component of Assessment Engine must be run on a 32 bit version of the OS.