Now there’s a solution for taking control of your ever-changing security compliance landscape. Xacta Continuum® correlates scan results from multiple security products across your organization into a single view, and maps them to the relevant controls for security and risk management, such as NIST 800-53, CNSS 1253, DoDI 8500.2, ISO, and others. You can then use these results to create reports for continuous security assessment and to understand trending security issues in the environment.
Xacta Continuum gives you:
Xacta Continuum is 100% SCAP compliant and accepts configuration and vulnerability data captured from a long list of security tools that assess hosts, application servers, databases, and source code. Our flexible but powerful plug-in development interface allows you to create plug-ins to support any third-party scanning tool. Configuration and vulnerability data that can’t be automatically captured can be easily collected using the Xacta Assessment Engine.
With capabilities unmatched in the industry, Xacta Continuum gives security analysts an unprecedented understanding of their asset vulnerability landscape.
Adaptive Mapping™: The Key to Continuous Compliance.
Adaptive Mapping is Xacta Continuum’s unique capability for bridging the gaps between system vulnerabilities and their related controls. It dynamically maps the content from various vulnerability schemas to the relevant controls in a relationship model. It automatically detects and plots the points of intersection among vulnerabilities, controls, and assets. The model also grows as new sources of information, such as third-party scans, are added.
With Adaptive Mapping, security testers and assessors can look across multiple security feeds and understand how they influence a variety of controls and requirements for a particular product or system.
Cascading Analytics: Analyze Many Assets with Less Effort.
Xacta Continuum can adaptively cascade the vulnerability analysis performed on an asset to all other related assets and tests. This process of analyzing and cascading can be repeated across your environment until all assets are analyzed.
Cascading Analytics is revolutionary in its approach to increasing productivity while decreasing vulnerability analysis efforts on the part of the user. Analyze just a few assets and let Cascading Analytics apply that analysis to the rest.
Xacta HostInfo: Gather the information needed for security assurance.
This family of platform-specific executables collects and provides security-relevant configuration information to the Xacta Detect server for assessment. Xacta HostInfo also supports NIST SCAP-validated testing capabilities to determine compliance with USGCB and other XCCDF checklists.
Xacta: USGCB-SCAP support for greater assurance of your security posture.
Xacta works with USGCB scanners to automate the validation and compliance of systems against USGCB standards, and supports the use of SCAP content to determine compliance with USGCB and other XCCDF checklists, as well as regulatory controls such as DOD 8500.2 and NIST 800-53.
Xacta users can utilize this information as part of a system-based risk management effort, as well as create plans of action and milestones (POA&Ms) for the associated remediation. Additionally, collected XCCDF documents can be converted into reports to authoritative oversight systems such as CyberScope.
Xacta is able to work with SCAP-compliant tools such as:
Configuration / Patch Management: BeyondTrust Retina, Shavlik, SolarWinds, VMware
SCAP is a government-led, multi-agency initiative to enable automation and standardization of technical security operations, such as policy compliance checking. SCAP is based on several evolving standards:
CVE — Standard nomenclature and dictionary of security related software flaws
CCE — Standard nomenclature and dictionary of software misconfigurations
CPE — Standard nomenclature and dictionary for product naming and versioning
XCCDF — Standard XML for checklists and for reporting results of checklist evaluation
CVSS — Standard XML schema for vulnerability scoring
OVAL — Standard XML for defining configuration checks
Correlate results from multiple security scans into a single view and map them to the relevant controls for simpler vulnerability analysis
Collect the diverse range of data you need for continuous security assessment
Reduce the time needed to analyze and confirm vulnerability analysis findings across hundreds of assets
Utilize trending reports for greater understanding of how vulnerability analysis findings have changed over time
Increase analysts’ effectiveness in understanding extensive security results
Standardize your security approach and methodology by using centralized repositories of mappings to controls