Designed for federal government use, Stave Cybersecurity Manager is an operational compliance solution for the NIST SP 800-37 Risk Management Framework (RMF). The software automates security and compliance workflows and provides guided step-by-step processes and a comprehensive System Security Package (SSP). The application lets Security Specialists maintain consistent cybersecurity compliance across STIGs, IAVA, HBSS and other issues. It reduces the backlog of vulnerability patches and increases defensive posture against data breaches and information and security threats.
Benefits:
- Assessment & Authorization (A&A) process requirements complete in hours
- Document and download a complete System Security Package (SSP) for review, auditing and submission
- Informed decision making and assurance regarding security and data protection
- Reduction of overall IT and security risk and improved protection posture
- Increased compliance coverage with reduced effort
- Decreased time to detect, identify root cause and remediate compliance issues
- Gain in management confidence level relative to emerging strategic and regulatory risk
- Transitions from manual to automated controls testing
- Minimized one-off compliance activities
- Reduced time to resolution on audit, risk and compliance issues
- Improved staffing management for remediating issues
Modern User Experience and Portal
- Visualize security compliance with mobile-ready dashboards, charts and graphs
- Be aware of out-of-band alerts and notifications on the go from any device with any-sized screen
- Command display modes improve situational awareness for area-mounted displays around your command center
Automate Risk Management Framework processes for NIST or DoD-based systems
- Generate and assign Tasks for all stages of the RMF process
- Workflow for RMF 2.0 included
- Information Types help determine security categorization
- Control Sets including Baseline, Overlay and Common controls automate Control selection
- Easily process Control implementation and assessment manually or via spreadsheet-based updates
STIG Libraries and Checklists
- Import STIGs, SCAP and manage vulnerability checklists
- Import XCCDF files
- Export checklists in XML for use with other applications
- Vulnerability checks to help track progress
- STIG files may be digested automatically via inbound emails
Automatic POA&M Generation
- Plan of Action & Milestones serve as corrective actions for tracking and planning the resolution of information security weaknesses.
- Automatically generate POAMs from rejected control assessments, from IAVM records or from ServiceNow Vulnerable Items.
- Include detailed resources required to accomplish the elements of the plan, all milestones in meeting the tasks, and scheduled completion dates.
- Consolidated issues management process
- Consolidated list of defects and findings from audits and A&A and CM processes
- Consolidated list of POA&Ms with status, progress, and expiration dates
- Compliance with Federal Government policies and requirements including Federal CIO, NIST, and DoD/US Cyber Command
Monitor & Track IAVA and IAVB Reports
- Stay up to date on vulnerabilities with real-time Information Assurance Vulnerability Alert (IAVA) and Information Assurance Vulnerability Bulletin (IAVB) reports from US Cyber Command
- IAVA vulnerabilities may be digested automatically via inbound emails, tracked and mapped for mitigation
Additional Features
- Authorization package creation, approval, and maintenance workflows
- Centralized capability to catalog all business and technology assets (configuration and/or asset database)
- Authorization boundary definition
- Clear and justified security categorization
- Customized control allocation and assessment
- Project-based issue remediation (POA&M)
- Standardized approach to measuring risk and control performance
- Informed authorization decision-making
- Monitor strategy and Ongoing Authorization (OA)
This release includes:
- Dashboard adjustments implemented to improve performance.
- Enhanced importing of new STIG formats to include version information, legacy IDs, filenames and release information.
- Added SCAP Import module in native UI.