Now there’s a solution for taking control of your ever-changing cyber risk management and compliance landscape. Xacta.io™ correlates scan results from multiple security products across your organization into a single view, and maps them to the relevant controls for security and risk management, such as NIST 800-53, CNSS 1253, DoDI 8500.2, ISO, and others. You can then use these results to create reports for continuous security assessment and to understand trending security issues in the environment.
Xacta.io is 100% SCAP compliant and accepts configuration and vulnerability data captured from a long list of security tools that assess hosts, application servers, databases, and source code. Our flexible API architecture allows you to integrate with any third-party security tool. Configuration and vulnerability data that can’t be automatically captured can be easily collected using Xacta 360.
With capabilities unmatched in the industry, Xacta.io gives security analysts an unprecedented understanding of their asset vulnerability landscape.
Adaptive Mapping™: The Key to Continuous Compliance.
Adaptive Mapping is Xacta.io’s unique capability for bridging the gaps between system vulnerabilities and their related controls. It dynamically maps the content from various vulnerability schemas to the relevant controls in a relationship model. It automatically detects and plots the points of intersection among vulnerabilities, controls, and assets. And the model grows as new sources of information, such as third-party scans, are added.
With Adaptive Mapping, security testers and assessors can look across multiple security feeds and understand how they influence a variety of controls and requirements for a particular product or system.
Cascading Analytics: Analyze Many Assets with Less Effort.
Xacta.io can adaptively cascade the vulnerability analysis performed on an asset to all other related assets and tests. This process of analyzing and cascading can be repeated across your environment until all assets are analyzed.
Cascading Analytics is revolutionary in its approach to increasing productivity while decreasing vulnerability analysis efforts on the part of the user. Analyze just a few assets and let Cascading Analytics apply that analysis to the rest.
Xacta HostInfo: Gather the information needed for security assurance.
This family of platform-specific executables collects and provides security-relevant configuration information to the Xacta Detect server for assessment. Xacta HostInfo also supports NIST SCAP-validated testing capabilities to determine compliance with USGCB and other XCCDF checklists.
Xacta: USGCB-SCAP support for greater assurance of your security posture.
Xacta works with USGCB scanners to automate the validation and compliance of systems against USGCB standards and supports the use of SCAP content to determine compliance with USGCB and other XCCDF checklists as well as regulatory controls such as DOD 8500.2 and NIST 800-53.
Xacta users can utilize this information as part of a system-based risk management effort, as well as create plans of action and milestones (POA&Ms) for the associated remediation. Additionally, collected XCCDF documents can be converted into reports to authoritative oversight systems such as CyberScope.
Xacta is able to work with SCAP-compliant tools such as:
Configuration / Patch Management: BeyondTrust Retina, Shavlik, SolarWinds, VMware
SCAP is a government-led, multi-agency initiative to enable automation and standardization of technical security operations, such as policy compliance checking. SCAP is based on several evolving standards:
CVE — Standard nomenclature and dictionary of security-related software flaws
CCE — Standard nomenclature and dictionary of software misconfigurations
CPE — Standard nomenclature and dictionary for product naming and versioning
XCCDF — Standard XML for checklists and for reporting results of checklist evaluation
CVSS — Standard XML schema for vulnerability scoring
OVAL — Standard XML for defining configuration checks