ACAS (Assured Compliance Assessment Solution)

A repository is defined by what? - ANS-
1. IP address range
2. MDM data type

A Scan Job incorporates - ANS- Policy, schedule, Credentials, Import Repository, Targets, and Scan Zone

ACAS (Assured Compliance Assessment Solution) - ANS- is a network-based security compliance and assessment capability designed to provide awareness of the security posture and network health of DoD networks

ACAS components - ANS-
SecurityCenter
Nessus - active scanner
PVS (passive vulnerability scanner) - sniffs the network
3D tool/optional - port 443

ACAS components perform these main functions: - ANS-
- Discover assets
- Detect vulnerabilities and data leaks
- Conduct configuration and compliance audits
- Publish findings to Continuous Monitoring and Risk Scoring (CMRS)

Acceptable audit files for Security Center include which of the following? - ANS-
1. Tenable Network Security Templates (SC Feed)
2. DISA STIG automated Benchmarks (ingested in .zip format)
3. SCAP compliant checklists from NIST (.xccdf)

Active (Nessus) plugin Range - ANS- 10,001-900,000

ARF - ANS- Advanced Recording File

Audit Files - ANS-
- text files that contain the specific configuration, file permission, and access control tests to be performed
- an attachment to a scan policy used with credentials to audit a host's configuration

Auditing Components for SecurityCenter - ANS-
1. Upload an audit file (may be done by administrator)
2. Create a scan policy (with an attached audit file)
3. Create a scan
4. Launch the scan
5. View the results

Blackout Windows - ANS-
- allow you to set a "do not scan" period of time
- Scans launched during an active Blackout Window will show a Partial Status in the Scan Results
- will prevent scheduled scans from running
- times are expressed in 24-hour format

CMRS (Continuous Monitoring and Risk Scoring) - ANS- a tool to provide DoD component- and enterprise-level situational awareness by quantitatively displaying an organization's security posture

CMRS (Continuous Monitoring & Risk Scoring) Goals: - ANS-
- Provides DoD component-level and enterprise-level situational awareness
- Displays a web-based dashboard for monitoring the risk scores of DoD assets
- Use consolidated data from ACAS and the HBSS
- Align with DoD's RMF requirements

Compliance - ANS- a state of being in accordance with established guidelines, specifications or legislation, or the process of becoming so

Compliance auditing identifies deviations from a defined standard, whereas, vulnerability management finds weaknesses that could lead to compromise - ANS- True

Compliance plugin Range - ANS- 1,000,000+

Credentials - ANS- administrative level usernames and passwords (or SSH keypairs) that are used in authenticated scans

Custom plugins created by users Range - ANS- 900,001-999,999

CVE - ANS- Common Vulnerabilities and Exposure

CVSS - ANS- Common Vulnerability Scoring System

Each Nessus scanner must have: - ANS-
1. Unrestricted access (all ports) to every target that it scans
2. TCP Port 8834 (both directions) open between Nessus and Security Center

eMASS - ANS- Enterprise Mission Assurance Support Service

Groups - ANS- Access rights

How can you get your SecurityCenter plugin updates? - ANS- Automatically from DISA's plugin server and manually from the DoD Patch Repository