What is Assured Compliance Assessment Solution (ACAS)? - wima space
Wed. Nov 30th, 2022

The Assured Compliance Assessment Solution (ACAS) is a suite of COTS applications, developed by Tenable, that address a variety of security objectives. The new DISA program awarded Tenable the DoD contract in 2012, and the company-wide implementation of ACAS progressed slowly but surely. The move to ACAS was made to further unify security assessment reporting so that leadership can view and measure the overall security posture of the entire IT infrastructure. Below is a breakdown of some of the components of ACAS and some of the challenges an agency may face when implementing ACAS.

ACAS Components

Nessus


Passive Vulnerability Scanner

The primary purpose of the Passive Vulnerability Scanner (PVS) is packet-level network traffic monitoring. While Nessus monitors devices for vulnerabilities, PVS monitors network traffic traversing your network for vulnerabilities. Please note that PVS is not an IDS and will not replace an IDS in your network. PVS provides the ability to discover new hosts added to a network, determine which ports are routing traffic through the network, determine when applications are compromised, and monitor mobile devices connected to your network.

Security Center

Security Center (SC) is the central management console for configuring Nessus and PVS. SC can collect scan data from all PVS and Nessus instances to provide customized dashboards and reports. SC instances for reporting purposes. This allows the Department of Defense to implement SC at different levels with all reporting going to one or more primary SC entities. As you can imagine, this reporting feature can be very beneficial now that leadership has the ability to view policies, vulnerability compliance, and total IT assets across the organization. Assessing the security posture of DoD infrastructure is now easier than ever.

ACAS Challenges

Implementing ACAS in your environment requires training, human resources, and time. As mentioned above, ACAS consists of several applications (some of which are not mentioned) that need to be configured and tested. Ideally, your security professionals should enroll in DISA-sponsored Computer Based Training (CBT) courses to get a better idea of what ACAS implementation entails. Also, remember that ACAS itself needs to be STIG'd, so a reference DoD image should be used as the platform from the start. Finally, you want to measure the load that ACAS puts on your network during the testing phase, so as not to affect the normal day-to-day operations of the mission. You need to monitor the load from two ACAS components: Nessus and PVS. Nessus is considered an active scanner while PVS is passive. However, because it monitors network traffic, PVS can, in many cases, put more strain on your network than running a typical Nessus scan.

The Department of Defense continues to evolve its comprehensive security program to address the ever-changing cyber threat landscape. ACAS is just one of many security programs implemented by the Department of Defense to protect confidential information. ACAS provides a streamlined, centralized way to run scans, collect scan data, and provide highly customizable reports that enable executives to measure the effectiveness of their security program.

By wissem
