Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/17/2012
05:38 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Agiliance Automates Security Assessment Of Gov Cloud Services

Announces availability of Federal Risk and Authorization Management Program (FedRAMP) Content Pack

Sunnyvale, Calif. - May 15, 2012 - Agiliance®, Inc., the leading independent provider of Security and Operational Risk Management (SRM) solutions for Governance, Risk, and Compliance (GRC) programs, today announced the release of the Agiliance Federal Risk and Authorization Management Program (FedRAMP) Content Pack, which includes the baseline controls required for FedRAMP security assessments and authorizations of Cloud Service Providers (CSPs).

FedRAMP, developed by the National Institute of Standards and Technology (NIST), the U.S. General Services Administration (GSA), the U.S. Department of Defense (DOD), and the U.S. Department of Homeland Security (DHS), provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The FedRAMP security assessment process is also aligned with the security controls and guidance in NIST Special Publication 800-37.

The Agiliance FedRAMP Content Pack encompasses all the security controls that commercial and government CSPs must implement within a cloud computing environment to satisfy FedRAMP requirements. It includes 168 security controls and will be supplemented with the System Security Plan (SSP), Security Assessment Plan (SAP), and Security Assessment Report prior to the Initial Operating Capability of FedRAMP.

"The U.S. government is moving quickly to adopt cloud computing, both for its own datacenter consolidation projects and now for its cloud service providers, in order to improve operational efficiency and real-time security visibility," said Torsten George, vice president of worldwide marketing and products at Agiliance. "With the addition of new cloud security intelligence in the FedRAMP Content Pack, Agiliance enables government agencies to implement continuous monitoring as prescribed by NIST, FISMA, and now FedRAMP."

Agiliance RiskVision can be deployed as a cloud service or on premise. The Agiliance FedRAMP Content Pack with Agiliance RiskVision Compliance Manager exceeds all five requirements for use by FedRAMP authorized Third Party Assessment Organizations in the following ways:

. Increases re-use of existing security assessments across agencies . Saves significant cost, time, and resources - "do once, use many times" . Improves real-time security visibility . Supports risk-based security management . Provides transparency between government and CSPs

Pricing and Availability

The Agiliance FedRAMP Content Pack is available immediately at no cost with the Agiliance RiskVisionT platform.

Please visit the Agiliance website for more details or join us at Gartner Security & Risk Management Summit (booth #84), June 11 - 14, 2012 in National Harbor, MD for a demonstration of Agiliance Security Risk Management solutions.

About Agiliance

Agiliance, founded in late 2005, is the leading independent provider of Security and Operational Risk Management solutions for Governance, Risk, and Compliance (GRC) programs. Agiliance RiskVision enables Global 2000 companies and government agencies to automate their GRC management processes; and the same platform orchestrates incident, threat, and vulnerability actions in real time. Unlike legacy offerings that take nearly a year to deploy, Agiliance customers demonstrate automation use cases within 30 days on-demand, and within 90 days on-premise, made possible by Agiliance RiskVision's configurable platform and applications, with a broad library of technology integrations, and GRC content. Agiliance RiskVision scales with businesses, effectively managing data, assets, people and processes to achieve 100 percent risk and compliance coverage. Its real-time risk analysis leads to optimized business performance and better investment decisions. For more information, please visit www.agiliance.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21354
PUBLISHED: 2021-03-08
Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of "https://pollbot.services.mozilla.com...
CVE-2021-21362
PUBLISHED: 2021-03-08
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who uses ...
CVE-2020-4695
PUBLISHED: 2021-03-08
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.
CVE-2020-4903
PUBLISHED: 2021-03-08
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.
CVE-2020-5014
PUBLISHED: 2021-03-08
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.