ACR 2 Products – Automating Risk Assessment

The core of the ACR 2 product line is the automation of the risk assessment protocols developed and maintained by the National Institute of Standards and Technology. This automation reduces the time required for a risk assessment from days to a few hours. Updating can be done in minutes, and may be automated entirely, allowing single point management of risks across hundreds or thousands of networks. Financial customers using ACR 2 Risk Assessment have been audited by a variety of regulators, including the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency

ACR 2 Products Listing
ACR currently has three families of products. They are ACR2Basic, Risk Reporter, and HIPAA Compliance Reporter. Each product family also has various features and products may be combined and deployed in a variety of ways to meet customer needs.

ACR2 Basic family is a user-friendly question based version of the NIST protocols governing information security risk assessments. Risk assessments are required under FISMA, GLBA, HIPAA, NAIC and PCI for best practices compliance. This product allows user to calculate the "Base Line" risk values as defined by NIST 800-30. ACR2 Basic allows one baseline and 52 update risk assessments per year.

Risk Reporter family combines the user friendly ACR2 Basic software with SCAP validated scanning. The Security Content Automation Program (SCAP) is sponsored by the US Department of Homeland Security and focused on protecting the critical information infrastructure of the United States. SCAP validated scanning allows comparision of over 600 workstation settings with Federal best practices recommendations. The output of the SCAP scan is uploaded into Risk Reporter to answer dozens of risk assessment questions with a high degree of documentation. Risk Reporter can be used with any SCAP validated scanning engine.

There are three versions of Risk Reporter; Small Network, Large Network and Enterprise. Risk Reporter - Small Network Edition is a special bundle that includes an SCAP compliant scanning engine licenses from Threat Guard. This system is loaded onto a USB thumb drive and scans one workstation at a time. The bundle is designed for networks with up to 100 workstations. The Threat Guard scanner was one of the first three SCAP validated scanners to achieve that distinction. Risk Reporter - Small Network Edition is sold on a per site license basis. Risk Reporter - Large Network Edition does not include a scanner but is designed to work with any SCAP validated scanner. The Risk Reporter - Large Network Edition requires a console license for each site plus a per workstation (seat) annnual license fee. Risk Reporter Enterprise Edition provides a single management point for any number of Risk Reporter installations.

For additional information, call or email us today!

The HIPAA Compliance Reporter package expands the Risk Reporter Enterprise program to generate a HIPAA compliance report. The report includes all of the 40 CFR part 164 elements except those that involve contractual items under the direction of an attorney. The HIPAA Compliance Reporter includes a console that allows hospitals to assess and monitor the HIPAA security rule compliance status of each of their business associates. The console allows real-time display of the HIPAA security rule compliance status of all active business associates as described in NIST 800-39.

Home  |  Products  |  Privacy  |  Terms of Use  |  Partners  |  News & Events  |  About
Copyright © 2006-2017 ACR 2 Solutions. All rights reserved.