Tailor baseline security controls by applying scoping, parameterization and compensating control guidance, as well as supplemental controls, control enhancements and/or control overlays.
Authorization Boundary Definition
Capture essential attributes and details of information systems, clearly define the authorization boundary for system components, and define key stakeholders and A&A team roles.
Authorization Package Creation and Approval Workflow
Capture all required data points, create properly formatted authorization package artifacts, and route for review and approval with a workflow tailored to your organization.
Categorize information systems based on risk and impact factors, and document factors used to justify the designated security category.
Issue Remediation (POA&M)
Track the status of issues, report and escalate issues, and notify issue owners and reviewers as part of the follow-up and escalation process.
Automatically Updated Reports and Authorization Artifacts
Reports and dashboards are updated automatically, and labor-intensive documents such as the system security plan (SSP) and security assessment report (SAR) can be refreshed with a single click.
Complete Security Control Assessment
Capture information to determine if controls are implemented correctly, operating as intended and producing desired outcomes.
Monitoring Strategy and Ongoing Authorization (OA)
Identify security controls to be monitored, define the frequency of monitoring for controls sorted by group, and create a monitoring strategy for reassessment of controls.
Formatted System Security Plan
Automatically create a formatted SSP with current and authoritative data points for near real-time risk management and ongoing authorization.
Integration with RSA Archer Continuous Monitoring provides true event-based and time-based ongoing authorization (OA) capabilities.
Helps to reduce IT and security risks
May yield savings in labor hours
Facilitates informed decision-making
RSA Archer Public Sector Solutions
RSA Archer Public Sector solutions are purpose-built to meet the unique needs of U.S. federal agencies, providing capabilities essential to an effective information assurance program.
"Previously, maturity levels were estimated, but now that we have the risk assessments as part of the [RSA Archer] tool, we’ve been able to integrate the two so that the 40 key controls in the Texas Cybersecurity Framework are linked to the NIST controls. This enables organizations to view the findings they have in each of those key controls and gives them a better method for establishing or rating their maturity levels, which is particularly useful."
Governance, Risk and Compliance Program Manager, Texas Department of Information Resources
Continuous Monitoring: Introduction & Considerations, Part 1
The first in a two-part series, this white paper explores the sometimes daunting subject of continuous monitoring (CM) and how to successfully manage your CM program. Intended for security professionals who are new to CM, this first part discusses common misconceptions and provides definitions, an introduction and a brief history of CM.