Xacta 360 operationalizes NIST Cybersecurity Framework 1.1

Telos announced a new application for its Xacta 360 cyber risk management platform that streamlines execution of the NIST Cybersecurity Framework (CSF) and automates associated reporting.

“Organizations around the world are gaining much greater awareness of their cyber risk posture by implementing the CSF,” said Rick Tracy, Telos chief security officer and co-inventor of Xacta.

“By automating data gathering and reporting, Xacta 360 greatly reduces time to deploy a CSF-based cyber risk management program, helps ensure accuracy and completeness of self-assessment activities, and allows for greater awareness of cyber risk objectives and outcomes.”

This cyber risk management application for Xacta 360 accounts for all elements of the CSF – core, implementation tiers, current and target profiles, and gaps – and steps the organization through the gap assessment process.

“The beauty of the CSF,” Tracy continued, “has always been its ability to organize cyber risk information in a way that is understood from the server room to the boardroom. Xacta 360 now automates the packaging and presentation of cyber risk objectives and gaps for prioritization and action.”

In 2013, President Barack Obama issued an executive order requiring the National Institute of Standards and Technology (NIST) to develop the CSF to secure systems associated with critical infrastructure.

Originally intended for use by organizations operating within the sixteen sectors designated critical infrastructure by Department of Homeland Security, many other industries and approximately twenty nations have embraced the CSF standard.

By executive order in May 2017, President Donald Trump also called for its mandatory use by agencies of the U.S. federal government.

Telos has mapped other security requirements and control frameworks to the CSF core, including NIST Special Publication 800-171 for protecting controlled unclassified information, NIST SP 800-161 for supply chain security, and the European Union’s General Data Protection Regulation (GDPR), allowing organizations to leverage the benefits of the CSF for various self-assessment requirements. The application can also support self-assessments for ISO 27001 and NIST SP 800-53, if desired.

Xacta 360 auto-generates standard NIST documentation such as system security plans (SSP) and plans of action and milestones (POA&M), as well as compliance score cards for supported regulations and frameworks. Custom documentation can also be defined and generated by the user with minimal effort.

A platform solution, Xacta 360 streamlines compliance for systems operating in any environment – on-premises, in the cloud or hybrid.

For systems hosted by Amazon Web Services (AWS), Xacta 360 can scan the accounts and services being used to establish an inventory and monitor these resources to ensure compliance of those inventories and configurations.

Combined with Xacta Continuum, Xacta 360 can ingest on-premises asset data for inventory and continuous monitoring.

Whether or not an organization is required to gain authorization to operate, Xacta 360 is a solution to manage cyber risk. The new CSF application helps users orchestrate an enterprise cyber risk and compliance management process.