Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/17/2012
05:38 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Agiliance Automates Security Assessment Of Gov Cloud Services

Announces availability of Federal Risk and Authorization Management Program (FedRAMP) Content Pack

Sunnyvale, Calif. - May 15, 2012 - Agiliance®, Inc., the leading independent provider of Security and Operational Risk Management (SRM) solutions for Governance, Risk, and Compliance (GRC) programs, today announced the release of the Agiliance Federal Risk and Authorization Management Program (FedRAMP) Content Pack, which includes the baseline controls required for FedRAMP security assessments and authorizations of Cloud Service Providers (CSPs).

FedRAMP, developed by the National Institute of Standards and Technology (NIST), the U.S. General Services Administration (GSA), the U.S. Department of Defense (DOD), and the U.S. Department of Homeland Security (DHS), provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The FedRAMP security assessment process is also aligned with the security controls and guidance in NIST Special Publication 800-37.

The Agiliance FedRAMP Content Pack encompasses all the security controls that commercial and government CSPs must implement within a cloud computing environment to satisfy FedRAMP requirements. It includes 168 security controls and will be supplemented with the System Security Plan (SSP), Security Assessment Plan (SAP), and Security Assessment Report prior to the Initial Operating Capability of FedRAMP.

"The U.S. government is moving quickly to adopt cloud computing, both for its own datacenter consolidation projects and now for its cloud service providers, in order to improve operational efficiency and real-time security visibility," said Torsten George, vice president of worldwide marketing and products at Agiliance. "With the addition of new cloud security intelligence in the FedRAMP Content Pack, Agiliance enables government agencies to implement continuous monitoring as prescribed by NIST, FISMA, and now FedRAMP."

Agiliance RiskVision can be deployed as a cloud service or on premise. The Agiliance FedRAMP Content Pack with Agiliance RiskVision Compliance Manager exceeds all five requirements for use by FedRAMP authorized Third Party Assessment Organizations in the following ways:

. Increases re-use of existing security assessments across agencies . Saves significant cost, time, and resources - "do once, use many times" . Improves real-time security visibility . Supports risk-based security management . Provides transparency between government and CSPs

Pricing and Availability

The Agiliance FedRAMP Content Pack is available immediately at no cost with the Agiliance RiskVisionT platform.

Please visit the Agiliance website for more details or join us at Gartner Security & Risk Management Summit (booth #84), June 11 - 14, 2012 in National Harbor, MD for a demonstration of Agiliance Security Risk Management solutions.

About Agiliance

Agiliance, founded in late 2005, is the leading independent provider of Security and Operational Risk Management solutions for Governance, Risk, and Compliance (GRC) programs. Agiliance RiskVision enables Global 2000 companies and government agencies to automate their GRC management processes; and the same platform orchestrates incident, threat, and vulnerability actions in real time. Unlike legacy offerings that take nearly a year to deploy, Agiliance customers demonstrate automation use cases within 30 days on-demand, and within 90 days on-premise, made possible by Agiliance RiskVision's configurable platform and applications, with a broad library of technology integrations, and GRC content. Agiliance RiskVision scales with businesses, effectively managing data, assets, people and processes to achieve 100 percent risk and compliance coverage. Its real-time risk analysis leads to optimized business performance and better investment decisions. For more information, please visit www.agiliance.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3272
PUBLISHED: 2021-01-27
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
CVE-2021-3317
PUBLISHED: 2021-01-26
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
CVE-2013-2512
PUBLISHED: 2021-01-26
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
CVE-2021-3165
PUBLISHED: 2021-01-26
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
CVE-2021-1070
PUBLISHED: 2021-01-26
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an un...