Assured Compliance Assessment Solution
Assured Compliance Assessment Solution (ACAS) is a software set of information security tools used for vulnerability scanning and risk assessment by agencies of the United States Department of Defense (DoD).[1] It performs automated vulnerability scanning and device configuration assessment. ACAS was implemented by the DoD in 2012, with contracts awarded to Tenable, Inc. (then known as Tenable Network Security) and Hewlett Packard Enterprise Services to improve cybersecurity within the DoD. It is mandated by regulations for all DoD agencies and is deployed via download.[2][3] Part of the ACAS software monitors passive network traffic, new network hosts, and applications that are vulnerable to compromise. It also generates required reports and data that are remotely accessible,[4] with a centralized console, and is Security Content Automation Protocol (SCAP) compliant. The Defense Information Systems Agency's Cyber Development (CD) provides program management and support in the deployment of ACAS.[5] The Army's Systems Engineering and Integration Directorate said in 2016 that ACAS gives the Army "a clear, specific and timely picture of cyber vulnerabilities and how they are being addressed. Not only does the technology streamline processes at the operator level, it also enables broader goals such as the Cybersecurity Scorecard and automated patching for improved mission assurance."[6]
In 2017, DISA introduced the Command Cyber Operational Readiness Inspection program (CCORI) for enhanced identification of operational cybersecurity risks.[4] Tenable’s software license for the ACAS contract was renewed by DISA in December 2018.[7]
References
- ^ Galliani, Jeremy (May 29, 2015). "What is Assured Compliance Assessment Solution (ACAS)?". Segue Technologies. Retrieved September 21, 2019.
- ^ Ask ACAS
- ^ "Tenable Network Security Selected for DoD Assured Compliance Assessment Solution (ACAS) Pilot". Business Wire. October 5, 2011. Retrieved September 21, 2019.
- ^ a b "DISA Cyber Program Focuses on Operational Risk". SIGNAL magazine. March 29, 2017. Retrieved September 21, 2019.
- ^ "Assured Compliance Assessment Solution (Development)". Defense Information Systems Agency. June 26, 2019. Retrieved September 21, 2019.
- ^ Heininger, Claire (March 2, 2016). "Toolkit improves cybersecurity". U.S. Army. Retrieved September 21, 2019.
- ^ "DoD Reaping the Benefits of ACAS Deployment". MeriTalk.com. August 26, 2019. Retrieved September 21, 2019.