Xacta updates risk management app

Xacta Corp. has rolled out updates to its risk management software, making it easier for officials in federal agencies to maintain and document the state of their information security environment and practices.

The company on Wednesday unveiled Service Pack 2 for Xacta Web certification and accreditation and Xacta Commerce Trust software. The software helps agencies manage their network security risk while documenting security processes in compliance with regulatory requirements such as the Federal Information Security Management Act of 2002 and government requirements such as the National Information Assurance Certification and Accreditation Process. FISMA requires agencies to apply risk management techniques to make their systems more secure.

Service Pack 2 enhancements allow Plan of Action and Milestones reports to be generated and comply with FISMA requirements. The new version also automates the generation of the agency-level security performance report required quarterly by the Office of Management and Budget. The summary report identifies each agency's total number of systems and how many have completed the certification and accreditation processes and other security objectives.

Large government agencies generally have information systems scattered across the country and information technology personnel in each location working to certify the systems for which they are responsible, said Rick Tracy, senior vice president at Xacta. Compiling the certification and accreditation information from all of these locations and putting it into a report has been a manual, time-consuming task, which Xacta has now automated, he said.

"The person [in a federal agency] responsible for answering to OMB has everything at [their] finger tips," Tracy said.

As part of Service Pack 2, users receive Xacta Detect vulnerability scanner plug-ins through Xacta Active Update, a periodic update of Xacta's knowledge database. Xacta Detect scans for the most recently identified security vulnerabilities. Additionally, Service Pack 2 includes the SANS Institute's Top 20 Internet Security Vulnerabilities information. The update also provides new content for Army Regulation 25-2 and Air Force Instruction 33-202, which provide guidelines for information security practices for the two services.