User:ProfLinux/ACAS

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by ProfLinux (talk | contribs) at 14:27, 17 April 2014. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

ACAS, the Assured Compliance Assessment Solution, is an integrated software solution that is scalable to an unlimited number of locations. It is a network-based security compliance and assessment capability designed to provide awareness of the security posture and network health of Department of Defense (DoD) networks. The solution's tiering ability gives the DoD enhanced enterprise security while remaining easy to install and manage. It can be deployed via download to all DoD agencies, without the need to procure and install appliance devices. The ACAS product suite provides the required automated network vulnerability scanning, configuration assessment, application vulnerability scanning, device configuration assessment, and network discovery. Further, the product suite generates the required reports and data from a centralized console, and is SCAP compliant. More information on the capabilities of ACAS can be found in the material referenced below. DISA's Mission Assurance Directorate (MA) is providing program management and supporting the deployment of this solution.

The scope of the ACAS deployment is worldwide. This vast effort requires a support infrastructure to be in place. DISA MA has instituted support services to enable the comprehensive implementation of ACAS to all the combatant commands, Services, agencies and field activities.

MISSION STATEMENT

In accordance with Commander, United States Strategic Command (USSTRATCOM) Communications Tasking Order (CTO) 05-19, all DoD Components shall immediately initiate automated enterprise-wide vulnerability scanning on all DoD networks. The Information Assurance (IA)/Computer Network Defense (CND) Enterprise Solutions Steering Group (ESSG) is pursuing the replacement for the Secure Configuration Compliance Validation Initiative (SCCVI) capability for unlimited use across the Department of Defense (DoD), in order to continue to address the need for a vulnerability scanning capability. The Defense Information Systems Agency (DISA), at the request of USSTRATCOM and in support of National Security goals established by the President, has purchased from industry a solution to accurately assess the configuration compliance of DoD enterprise networks and connected systems against DoD standards (e.g. Federal Desktop Core Configuration (FDCC) and Security Technical Implementation Guides (STIG)) and against all known vulnerabilities.

General Capability - Compliance Assessment

• Assess compliance with DoD Information Assurance Vulnerability Messages (IAVMs) and Communications Tasking Orders (CTOs)
• Assess compliance with best practice standards, including DoD Security Technical Implementation Guides (STIGs) published at http://iase.disa.mil/stigs/

Vulnerability Scanning:

• Run vulnerability scans using Open Vulnerability and Assessment Language (OVAL), where possible
• Perform vulnerability scans using non-OVAL assessments, reporting results using CVE identifiers
• Perform vulnerability and weakness discovery of network architectures and Defense in Depth configurations, and report in a non-proprietary format

Network Mapping and Discovery:

• Collect Internet Protocol (IP) and Media Access Control (MAC) addresses of discovered devices
• Perform inventories of installed operating systems and applications, which can be reported in Common Platform Enumeration (CPE) format
• Assess running network services on devices and report unauthorized or anomalous services
• Provide logical paths (e.g. traceroute) from a central network point to assessed devices, including unauthorized or unexpected routes

Vulnerabilities

ACAS monitors these sources for security-related data and potential vulnerabilities:

• Servers
• Workstations
• Devices (i.e., routers, switches, firewalls)
• Applications
• Intrusion-Detection Systems
• Active and passive vulnerability scans
• System logs

ACAS detects vulnerabilities actively by probing a system, or passively by monitoring network traffic to identify systems and their associated vulnerabilities. Passive vulnerability detection adds real-time detection of vulnerabilities between active scans. It is also useful for collecting system and vulnerability information about systems where active scanning is not possible.

Public Vulnerability Databases

The ACAS system uses many vulnerability databases that are publicly available on the Internet. These databases are maintained by third parties that continually track vulnerabilities, when they were discovered and what risks they pose. Scan results reference this data and its sources, which is very useful when performing security analysis.

Compliance Audits

In addition to vulnerability scanning, ACAS enables you to assess the compliance of systems on DoD networks. Compliance audits measure whether a system meets a given standard, checklist or baseline. Audit procedures and regulatory requirements vary based on region, industry, organization, type of data, and the data integrity required.

The ACAS suite is made up of five components, described below.

Security Center - As the central console for ACAS, Security Center offers the ability to automate and quickly scale an organization's vulnerability and compliance scanning infrastructure, and provides management, alerting, and reporting against vulnerability and compliance requirements.
Security Center does the following:

  • Simplifies administration using a single console that manages distributed Nessus scanners for enterprise-wide security and compliance visibility
  • Accelerates scans with distributed and load balanced scanning, using a centralized database for faster and more efficient scans
  • Delivers advanced analytics including extensive dashboards, built-in and customizable reports that aggregate scan data to help you identify and respond to security and compliance issues

NESSUS User Interface - A fully capable scanner that covers a breadth of checks, including unique Common Vulnerabilities and Exposures (CVEs), and operates across different environments. The Nessus® vulnerability scanner provides patch, configuration, and compliance auditing; mobile, malware, and botnet discovery; sensitive data identification; and many other features. With a continuously updated library of more than 60,000 plugins and the support of Tenable's vulnerability research team, Nessus delivers accuracy to the marketplace. Nessus provides multi-scanner support, scales to serve the largest organizations, and is easy to deploy on-premises or in the Amazon Web Services (AWS) cloud.
NESSUS can do a variety of things including:

  • Broad Asset Coverage & Profiling - Discovers a wide variety of physical and virtual devices on your corporate network and identifies the operating systems, applications, databases, and services running on those assets.
  • Mobile Device Auditing - Integrates with Apple Profile Manager, Microsoft® Exchange via Active Directory, and Good Technology Good for Enterprise to provide a comprehensive view of an organization’s mobile/BYOD environment and its vulnerability status.
  • Botnet/Malicious Process/Anti-virus Auditing - Detect known or suspicious malicious processes and botnets. Nessus enhances an organization's anti-virus strategy by red-flagging threats that often slip through the cracks, helping fight malware and advanced persistent threat (APT).
  • Patch Management Integration - Integrates with patch management systems – IBM Tivoli Endpoint Manager (TEM) for Patch Management, Microsoft SCCM, Microsoft WSUS, Red Hat Network Satellite Server, and VMware Go – to retrieve status information for devices being managed by those systems.
  • Sensitive Content Auditing - Performs agentless content audits of Windows- and UNIX-based systems to identify sensitive information (PII - credit cards, SSNs; “Top Secret”; employee data) and adult content. Use Nessus to audit and enforce policies that lower your organization's risk of breach or data loss.
  • SCADA/Control Systems Auditing - Using SCADA plugins available through a partnership with Digital Bond, Nessus scans SCADA devices to find known and newly-discovered vulnerabilities. Nessus also audits compliance with configuration policies and best practices for SCADA environments.

xTool - Converts DISA-distributed Extensible Configuration Checklist Description Format (XCCDF) files into Tenable's Extensible Markup Language (XML) format, which allows the files to be imported into SecurityCenter and customized if necessary. The xTool also imports and converts Open Vulnerability and Assessment Language (OVAL) vulnerability files for upload into SecurityCenter.
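To show what the XCCDF-to-scan-definition step above involves, here is an added example (not xTool's code or any DISA or Tenable file) that parses a constructed, STIG-style XCCDF benchmark and lists each rule with its severity and the OVAL definition it delegates to; rules whose check is not OVAL, which ACAS would cover by non-OVAL assessment, are reported with no OVAL reference. All rule ids, titles and OVAL definition ids are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed, minimal STIG-style XCCDF 1.1 benchmark (not a real DISA STIG).
# Rule/definition ids are placeholders chosen only for this example.
SAMPLE_XCCDF = """<?xml version="1.0" encoding="UTF-8"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="EXAMPLE_STIG">
  <Group id="V-0001">
    <Rule id="SV-0001r1_rule" severity="high" weight="10.0">
      <title>Example: minimum password length must be configured</title>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref href="example-oval.xml" name="oval:example:def:1"/>
      </check>
    </Rule>
  </Group>
  <Group id="V-0002">
    <Rule id="SV-0002r1_rule" severity="medium" weight="10.0">
      <title>Example: physical console access must be restricted</title>
      <check system="http://example.org/manual-review">
        <check-content>Interview the ISSO and inspect the server room.</check-content>
      </check>
    </Rule>
  </Group>
</Benchmark>
"""

XCCDF_NS = {"x": "http://checklists.nist.gov/xccdf/1.1"}
OVAL_SYSTEM = "http://oval.mitre.org/XMLSchema/oval-definitions-5"


def extract_checks(xccdf_text):
    """Return one dict per <Rule>: rule id, severity, title and the OVAL
    definition id the rule's check points at (None if the check is not OVAL)."""
    root = ET.fromstring(xccdf_text)
    checks = []
    for rule in root.iterfind(".//x:Rule", XCCDF_NS):
        oval_def = None
        for check in rule.iterfind("x:check", XCCDF_NS):
            if check.get("system") != OVAL_SYSTEM:
                continue  # manual or other non-OVAL check: no definition to run
            ref = check.find("x:check-content-ref", XCCDF_NS)
            if ref is not None:
                oval_def = ref.get("name")
        checks.append({
            "rule": rule.get("id"),
            "severity": rule.get("severity", "unknown"),
            "title": rule.findtext("x:title", default="", namespaces=XCCDF_NS),
            "oval": oval_def,
        })
    return checks
```

Running `extract_checks(SAMPLE_XCCDF)` yields the two rules, the first bound to `oval:example:def:1` and the second flagged for non-OVAL assessment.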

3D Tool - The Topology Viewer imports asset data from the Nessus scanner or SecurityCenter and provides graphical analysis such as network and protocol maps, communication paths, and vulnerability maps. The Topology Viewer also imports and converts Open Vulnerability and Assessment Language (OVAL) vulnerability files for upload into SecurityCenter.

Passive Vulnerability Scanner - The PVS monitors network traffic in real time. It determines server- and client-side vulnerabilities and sends them to Security Center in real time. It continuously looks for new hosts, new applications and new vulnerabilities without requiring active scanning. PVS enables 100% discovery of systems, their vulnerabilities and inappropriate relationships. Tenable's Passive Vulnerability Scanner is the industry's only continuous vulnerability monitor that identifies server- and client-side vulnerabilities in new or transient assets. PVS is essential for:

  • Full asset discovery including mobile and virtual devices and cloud-based applications
  • Identification of risks from assets, applications, and services
  • Insight into services, security vulnerabilities, suspicious network relationships, and compliance violations.

Tenable Network Security is the developer of ACAS, and its product was named the Assured Compliance Assessment Solution for the Defense Information Systems Agency. Tenable's technology was selected by DISA because it met DISA's requirements for a fully integrated vulnerability assessment platform. It offers continuous visibility across the enterprise by coupling active and passive scanning. By combining Nessus' breadth of vulnerability checks with PVS's real-time monitoring, Tenable offers DISA a comprehensive scanning and configuration auditing solution while overcoming the shortcomings of point-in-time scanning strategies. The strategy is focused on maximizing architectural flexibility: Tenable's solution provides distribution and tiering capabilities throughout the suggested architecture, which, coupled with open-ended licensing, allows the DoD to move at the speed necessary to properly support the warfighter. The solution also brings together two premier technology companies, HP and Tenable Network Security; this pairing provides a service and solution team uniquely qualified to support this mission-critical endeavor. Tenable Network Security is relied upon by more than 20,000 organizations, including the entire U.S. Department of Defense and many of the world's largest companies and governments, to stay ahead of emerging vulnerabilities, threats and compliance-related risks. Its solutions continue to set the standard for identifying vulnerabilities, preventing attacks and complying with a multitude of regulatory requirements.

References