The Department of Homeland Security and the Department of Justice developed CyberScope, a web-based application designed to streamline IT security reporting for federal agencies. It gathers and standardizes data from federal agencies to support FISMA compliance.
Tenable is uniquely positioned to provide the continuous reporting required by NIST standards for federal agencies. Its solutions combine distributed Nessus vulnerability scanners, credentialed agentless auditing, real-time passive network monitoring, event log collection/correlation and enterprise-scale reporting.
Tenable's Vulnerability, threat and compliance management solutions help government agencies meet the demands of CyberScope reporting, by offering the following features:
- Consolidating distributed active and passive vulnerability scan results into one CyberScope report.
- With a single console to manage separate and discrete federal agencies. Tenable.sc offers tiered controls for users, organizations, vulnerability repositories and consoles for CyberScope reporting.
- The renowned Tenable Research team maintains an extensive set of over 60,000 active and passive plugins covering more than 23,000 unique CVE IDs and 16,000 unique Bugtraq IDs.
- Reports include CVSS scores, CVE IDs, CPE reports and correlation with exploitation tools, when available.
Continuous Monitoring for CyberScope
Tenable enables you to implement true continuous monitoring to meet CyberScope and NIST requirements by combining active and passive scanning with integrated analysis. You can:
- Detect configuration and network device changes through real-time network and log monitoring, and active vulnerability and configuration audits
- Automate and simplify the maintenance of ARF asset reports
- Collect log and event data from a wide variety of sources, adding context and critical metadata to the vulnerability data reported to the CyberScope application
- Update asset lists, CVE vulnerabilities, and CPE information based on hosts discovered through passive vulnerability scanning.
- Complement active scanning by monitoring what has changed on the network since the last scan
- Provide client side vulnerability data for organizations that aren't performing credentialed patch audits