Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/17/2012
05:38 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Agiliance Automates Security Assessment Of Gov Cloud Services

Announces availability of Federal Risk and Authorization Management Program (FedRAMP) Content Pack

Sunnyvale, Calif. - May 15, 2012 - Agiliance®, Inc., the leading independent provider of Security and Operational Risk Management (SRM) solutions for Governance, Risk, and Compliance (GRC) programs, today announced the release of the Agiliance Federal Risk and Authorization Management Program (FedRAMP) Content Pack, which includes the baseline controls required for FedRAMP security assessments and authorizations of Cloud Service Providers (CSPs).

FedRAMP, developed by the National Institute of Standards and Technology (NIST), the U.S. General Services Administration (GSA), the U.S. Department of Defense (DOD), and the U.S. Department of Homeland Security (DHS), provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The FedRAMP security assessment process is also aligned with the security controls and guidance in NIST Special Publication 800-37.

The Agiliance FedRAMP Content Pack encompasses all the security controls that commercial and government CSPs must implement within a cloud computing environment to satisfy FedRAMP requirements. It includes 168 security controls and will be supplemented with the System Security Plan (SSP), Security Assessment Plan (SAP), and Security Assessment Report prior to the Initial Operating Capability of FedRAMP.

"The U.S. government is moving quickly to adopt cloud computing, both for its own datacenter consolidation projects and now for its cloud service providers, in order to improve operational efficiency and real-time security visibility," said Torsten George, vice president of worldwide marketing and products at Agiliance. "With the addition of new cloud security intelligence in the FedRAMP Content Pack, Agiliance enables government agencies to implement continuous monitoring as prescribed by NIST, FISMA, and now FedRAMP."

Agiliance RiskVision can be deployed as a cloud service or on premise. The Agiliance FedRAMP Content Pack with Agiliance RiskVision Compliance Manager exceeds all five requirements for use by FedRAMP authorized Third Party Assessment Organizations in the following ways:

. Increases re-use of existing security assessments across agencies . Saves significant cost, time, and resources - "do once, use many times" . Improves real-time security visibility . Supports risk-based security management . Provides transparency between government and CSPs

Pricing and Availability

The Agiliance FedRAMP Content Pack is available immediately at no cost with the Agiliance RiskVisionT platform.

Please visit the Agiliance website for more details or join us at Gartner Security & Risk Management Summit (booth #84), June 11 - 14, 2012 in National Harbor, MD for a demonstration of Agiliance Security Risk Management solutions.

About Agiliance

Agiliance, founded in late 2005, is the leading independent provider of Security and Operational Risk Management solutions for Governance, Risk, and Compliance (GRC) programs. Agiliance RiskVision enables Global 2000 companies and government agencies to automate their GRC management processes; and the same platform orchestrates incident, threat, and vulnerability actions in real time. Unlike legacy offerings that take nearly a year to deploy, Agiliance customers demonstrate automation use cases within 30 days on-demand, and within 90 days on-premise, made possible by Agiliance RiskVision's configurable platform and applications, with a broad library of technology integrations, and GRC content. Agiliance RiskVision scales with businesses, effectively managing data, assets, people and processes to achieve 100 percent risk and compliance coverage. Its real-time risk analysis leads to optimized business performance and better investment decisions. For more information, please visit www.agiliance.com.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21360
PUBLISHED: 2021-03-09
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic ...
CVE-2021-21361
PUBLISHED: 2021-03-09
The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed...
CVE-2021-24033
PUBLISHED: 2021-03-09
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoke...
CVE-2021-21510
PUBLISHED: 2021-03-08
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
CVE-2020-27575
PUBLISHED: 2021-03-08
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.