Xacta® Compliance Campaign Manager™
and the Xacta IA Manager Suite
Xacta CCM works with the Xacta IA Manager
suite to empower you to:
• Create and distribute OCIL-based surveys and
  questionnaires for manual security checks
• Enforce the controls you need with content for
  the NIST Risk Management Framework
• Achieve 100% Test Plan coverage by directing
  non-automatable controls or questions to the
  responsible process participants
Xacta CCM is a key element of the Xacta IA Manager
security risk management suite, which enables
agencies and organizations to automate and
streamline all aspects of cybersecurity frameworks
such as the NIST Risk Management Framework
(RMF) and the Cybersecurity Framework for
critical infrastructure (Executive Order 13636).
The core components of the Xacta IA Manager
suite are Xacta Assessment Engine, Xacta CCM,
and Xacta Continuum. Working together, these
components offer an unmatched capability for
identifying, analyzing, and managing risk.
Xacta CCM and the NIST RMF
Xacta IA Manager supports the management of the
NIST RMF from Categorize to Select, Implement,
Assess, Authorize, and Monitor. Xacta CCM works
with Xacta IA Manager to address the Assess
and Monitor steps of the RMF in automating
the risk management process and enabling the
organization to manage and track compliance
with the controls that govern system risk:
In the Assess step, organizations perform tests
(interview, observe, examine) to determine if they
are in compliance with an associated control.
Additionally, the Monitor step is where
organizations keep a constant eye on compliance
with the controls tested in the Assess step.
With Xacta CCM, both steps are automated and
streamlined. The diagram below shows the role of
Xacta CCM working with Xacta IA Manager in the
overall RMF process.
[Diagram: Automating the NIST RMF (Xacta Assessment Engine, Xacta Continuum, Xacta CCM)]
Xacta Assessment Engine (NIST SP 800-53 and other regulations):
• Step 1: Categorize Systems. Data types (NIST and custom)
• Step 2: Select Security Controls. Tailoring; overlays; custom requirements
• Step 3: Implement Controls. Inherent controls; import hardware and software; integration with Nessus, Retina, and HostInfo; import assets
• Step 4: Assess Security Controls. Test plan generation
• Step 5: Authorize Systems. Automated risk analysis; POA&M management; executive interface; digital signing
• Step 6: Monitor Security Controls. Workflow management; automated change control; automated escalation
Additional Xacta Assessment Engine Features:
• Automated workflow
• Automated and custom document generation
• Role-based access control
Step 4 enhanced with automated test result updates with Xacta Continuum and Xacta CCM.
Step 6 enhanced with frequency-based automated control testing via Xacta Continuum’s HostInfo and frequency-based control testing via Xacta CCM.
Other diagram labels: Automated Adaptive Mapping™ and trending; Policies, control mapping and trending; HostInfo Agent & Other Tools; Campaigns; Data from: WASSP, Retina, Nessus, others; Based on: Controls, questionnaires; Frequency-based, automated control testing and automated tests; Frequency-based control testing; Asset Management; Users.
Xacta CCM and Xacta Assessment Engine Work Together for Compliance Management
Xacta IA Manager is a browser-based suite of tools for security risk management and continuous compliance. Xacta
CCM works in concert with Xacta Assessment Engine to ensure that information used in compliance management
campaigns is always current and that assessment test plans are always up to date with the latest compliance status.
[Diagram: data flow between the user, the Xacta Assessment Engine server and database, and the Xacta CCM server(s) and database, with request, response, and data transfer arrows numbered 1 to 8. Diagram labels: "Campaign initiated by Xacta Assessment Engine is automatically created"; "Xacta CCM results are sent back to Xacta Assessment Engine".]
1) User requests for compliance status are sent to the Xacta Assessment Engine server
2) Relevant compliance data from the Xacta Assessment Engine server is transmitted to Xacta CCM
3) A compliance official reviews and approves a campaign and distributes the related compliance surveys to the relevant user community
4) Users respond to the Xacta CCM survey questions
5) Responses are logged in Xacta CCM, which calculates compliance
6) Xacta CCM sends the results to Xacta Assessment Engine when the campaign is 100% complete or by the defined due date
7) The Xacta Assessment Engine Test Plan is updated
8) Responses for current compliance status are sent back to the user
Contact Telos for More Information on Streamlining Your Risk
Management Environment with Xacta CCM.
Xacta IA Manager’s integrated approach to continuously monitoring, assessing, analyzing, and
addressing risks in business operations ensures that Xacta CCM works seamlessly with other
components of the Xacta risk management suite. Contact Telos Corporation for more information
on adding Xacta CCM to your Xacta solution.
Xacta CCM is available through NETCENTS-2, EAGLE II, DoD ESI, and the Telos GSA Schedule.
Telos Corporation | 19886 Ashburn Road, Ashburn, VA 20147-2358 | 1.800.70.TELOS | 1.800.708.3567 | Fax 703.724.3865 | www.telos.com
© 2015 Telos Corporation. All rights reserved. XIAM-XCCM-012015