Xacta updates risk management app

Xacta Corp. has rolled out updates to its risk management software, making it easier for officials in federal agencies to maintain and document the state of their information security environment and practices.

The company on Wednesday unveiled Service Pack 2 for Xacta Web certification and accreditation and Xacta Commerce Trust software. The software helps agencies manage their network security risk while documenting security processes in compliance with regulatory requirements such as the Federal Information Security Management Act of 2002 and government requirements such as the National Information Assurance Certification and Accreditation Process. FISMA requires agencies to apply risk management techniques to make their systems more secure.

Service Pack 2 enhancements allow Plan of Action and Milestones reports to be generated and comply with FISMA requirements. The new version also automates the generation of the agency-level security performance report required quarterly by the Office of Management and Budget. The summary report identifies each agency's total number of systems and how many have completed the certification and accreditation processes and other security objectives.

Large government agencies generally have information systems scattered across the country and information technology personnel in each location working to certify the systems for which they are responsible, said Rick Tracy, senior vice president at Xacta. Compiling the certification and accreditation information from all of these locations and putting it into a report has been a manual, time-consuming task, which Xacta has now automated, he said.

"The person [in a federal agency] responsible for answering to OMB has everything at [their] finger tips," Tracy said.

As part of Service Pack 2, users receive Xacta Detect vulnerability scanner plug-ins through Xacta Active Update, a periodic update of Xacta's knowledge database. Xacta Detect scans for the most recently identified security vulnerabilities. Additionally, Service Pack 2 includes the SANS Institute's Top 20 Internet Security Vulnerabilities information. The update also provides new content for Army Regulation 25-2 and Air Force Instruction 33-202, which provide guidelines for information security practices for the two services.

Featured

  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.