Versions Compared

Old Version 10

changes.mady.by.user Max Pinion (Deactivated)

Saved on

compared with

New Version 11

changes.mady.by.user Max Pinion (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • FDCC Scanner
  • Authenticated Configuration Scanner
  • Authenticated Vulnerability and Patch Scanner

Implementation

SCAP

SCAP is a public specification that provides standardized and automated security configurations, and vulnerability assessments. SCAP comprises the following standards:

...

SAS embraces the SCAP standard and can import SCAP content into the Arellia Management Server and allows for the continuous monitoring of security configuration management issues that arise due to system vulnerability and misconfiguration on endpoints within an organization.

Through fully automated processes, users can define policies that enforce the assessment of tailored SCAP profiles on a scheduled basis, optionally followed by automated remediation to keep their managed computers compliant. The results of these assessments and remediation are all collected and stored in the CMDB, allowing for rich reporting, alerting and data exchange. All data imported and collected can be leveraged to precisely identify specific conditions and turned into actionable tasks, furthering configuration compliance.

XCCDF

Arellia Security Analysis Solution is compatible with Extensible Configuration Checklist Description Format (XCCDF) . For further details, go to [REVIEW] SAS 8.x Overview

XCCDF

SAS is compatible with XCCDF benchmarks and other types of checklists that adhere to the XCCDF specification including industry -standard ones from FDCC, USGCB, HIPAA, SOX and PCI-DSS.standards from:

Federal Desktop Core Confederation (FDCC)

United States Government Configuration Baseline (USGCB)

Health Insurance Portability and Accountability Act (HIPAA)

Sarbanes-Oxley Act (SOX)

Payment Card Industry Data Security Standard

These benchmarks can be downloaded directly within the product on the Download Profiles page, which presents a list of links to the author's published content from sources such as NIST. The product also supports uploading multiple benchmarks or other checklists through the web browser interface, directly from the user's file system in the form of XML files or compressed (ZIP) files of XML documents.

...