Risk Reporter

ACR2's Risk Reporter™ (RR) deploys state-of-the-art enterprise risk management technology to allow you to meet full FISMA requirements. The software supports SCAP vulnerability scan data imports and direct input or uploads of syslog data from perimeter security devices. Policy inputs include FISMA-specific questions and enhanced reporting. The enterprise console enables monitoring of the FISMA compliance status of subnets or remote locations. It also gives access to a real-time display of the compliance status of all active accounts as described in NIST 800-30.

Fig. 1 - Risk Reporter Enterprise Console

Risk Reporter Benefits

  • Roadmap to full FISMA compliance
  • Continuously updated using Federal standards
  • Available as Appliance, VM or SaaS
  • Secure Input (SSL)
  • Encrypted Storage of input data
  • Encrypted PDF Reports
  • SCAP vulnerability scan manual import or daily capture
  • Supports IPS/AV manual import or daily capture

Risk Reporter Features

  • We read the regulations, so you don't have to!
  • Annual subscription-based program
  • Protects your data
  • Auditable reports
  • Uses approved NIST methods
  • Automates time-consuming processes
  • Automates extraction of syslog data

Achieving FISMA Compliance

  1. Scan the computer network using an SCAP validated vulnerability scanner.
  2. Conduct a risk assessment using the NIST 800-30 protocol.
  3. Implement safeguards to protect against the risks identified during the risk assessment and SCAP vulnerability scan.

How it works - the technology

The overall ACR2 automated risk management process is shown in Fig. 2. IPS and Anti-Virus data, network scan data, and policy data are input into the Risk Calculation Engine. This creates the Results Documentation Report and the Control Recommendations Report. The changes in controls are implemented and the changes are added to the risk engine, along with updated Scan and IPS/AV data. This cycle can be repeated as often as daily, with reports on demand, on schedule or on alarm.

Fig. 2 - Risk Reporter Flow Diagram (Micro View)

Risk Reporter Enterprise™

The enterprise management compliance package includes a console that allows distributed access to, and viewing of, the compliance status of all remote locations or subnets. This uses an implementation of technology developed under the sponsorship of the US Department of Homeland Security. The console allows the location to review and display the FISMA compliance status of each or all active locations that have been configured and given authorized access.

Fig. 3 - Risk Reporter Flow Diagram (Macro View)

Glossary of Abbreviations

  • AV - Anti-Virus
  • IPS - Intrusion Prevention System
  • NIST - National Institute of Standards and Technology
  • SCAP - Security Content Automation Protocol
  • Syslog - System Log output from security devices
  • UTM - Unified Threat Management System

Model / Part Number    Product Name
RR-xyz (family)        Risk Reporter™
RR-ENT (family)        Risk Reporter Enterprise™
Copyright © 2006-2017 ACR 2 Solutions. All rights reserved.