SOLUTION BRIEF RSA ARCHER PUBLIC SECTOR SOLUTIONS

Similar documents
RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

COMPLIANCE TRUMPS RISK

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

RSA Solution for egrc. A holistic strategy for managing risk and compliance across functional domains and lines of business.

RSA ARCHER INSPIRE EVERYONE TO OWN RISK

RSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT

SOLUTION BRIEF HELPING PREPARE FOR RISK ASSESSMENT & COMPLIANCE CHALLENGES FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

WHITE PAPER THE 6 DIMENSIONS (& OBSTACLES) OF RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT

ORACLE SOA GOVERNANCE SOLUTION

WHITE PAPER. Standardization in HP ALM Environments. Tuomas Leppilampi & Shir Goldberg.

IBM Software Rational. Five tips for improving the ROI of your software investments

Gain strategic insight into business services to help optimize IT.

RSA Archer Compliance Management 5.2 Webcast

Simplify and Secure: Managing User Identities Throughout their Lifecycles

WHITE PAPER 5 THINGS TO KNOW WHEN RESEARCHING RISK MANAGEMENT PLATFORMS

Sustainable Identity and Access Governance

Aprimo Marketing Productivity

The power of the Converge platform lies in the ability to share data across all aspects of risk management over a secure workspace.

Rethinking the way personal computers are deployed in your organization

LIST OF TABLES. Table Applicable BSS RMF Documents...3. Table BSS Component Service Requirements... 13

Delivering Business-Critical Solutions with SharePoint 2010

DATA SHEET RSA IDENTITY GOVERNANCE & LIFECYCLE SERVICES ACCELERATE TIME-TO-VALUE WITH PROFESSIONAL SERVICES FROM RSA IDENTITY ASSURANCE PRACTICE

Business Risk Intelligence

CENTRE (Common Enterprise Resource)

SOLUTION BRIEF RSA IDENTITY GOVERNANCE & LIFECYCLE SOLUTION OVERVIEW ACT WITH INSIGHT TO DRIVE INFORMED DECISIONS TO MITIGATE IDENTITY RISK

CORROSION MANAGEMENT MATURITY MODEL

Continuous Diagnostic and Mitigation and Continuous Monitoring as a Service. CMaaS TASK AREAS

RSA. Sustaining Trust in the Digital World. Gintaras Pelenis

Productivity Management INTELLIGENT COLLABORATION SOLUTION

MEGA S SOLUTIONS FOR GOVERNANCE, RISK, AND COMPLIANCE

Rational Software White Paper TP 174

CAPITAL MARKETS TRANSFORMATION. Pathways to Operations Control Value

IBM Service Management solutions To support your IT objectives. Create and manage value throughout the entire service management life cycle.

Achieving Application Readiness Maturity The key to accelerated service delivery and faster adoption of new application technologies

SOLUTION BRIEF HELPING ADDRESS GDPR CHALLENGES WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Actionable enterprise architecture management

Brochure. Application Lifecycle Management. Accelerate Your Business. Micro Focus Application Lifecycle Management Software

Integration and Infrastructure Software. Process Integration from IBM. Optimizing resources to improve productivity.

IBM Maximo Asset Management solutions for the oil and gas industry

Quantifying the Value of Investments in Micro Focus Quality Center Solutions

Building a Foundation for Effective Service Delivery and Process Automation

The Economic Benefits of Puppet Enterprise

An Overview of the AWS Cloud Adoption Framework

Securing Intel s External Online Presence

Why You Should Take a Holistic Approach

Drive more value through data source and use case optimization

Predix Asset Performance Management. A Digital Mine solution

Realize and Sustain the Value of Your Micro Focus Implementation

ACHIEVE GLOBAL TRADE BEST PRACTICES

Operational Excellence By Automating Operational Risk Management. February 4, 2016 Doug Hatler, EVP of Sales

Fueled with ALM Octane

THE NEW CFO DELIVERING BUSINESS VALUE IN THE DIGITAL AGE

ORACLE ADVANCED ACCESS CONTROLS CLOUD SERVICE

Fulfilling CDM Phase II with Identity Governance and Provisioning

Comprehensive Cost and Security Management for C2S Environments

2012 Honeywell Users Group EMEA. Sustain.Ability. John Schofield, Honeywell Improved Reliability, Safety and Compliance with Management of Change

Siebel Enterprise Marketing Suite

On Demand IT Governance: A powerful tool for enhancing the strategic value of IT.

IBM Service Management Buyer s guide: purchasing criteria. Choose a service management solution that integrates business and IT innovation.

STREAM Integrated Risk Manager. ISO Application. How STREAM supports compliance with ISO 27001

Oracle Management Cloud

Trusted by more than 150 CSPs worldwide.

SuprTEK PanOptes TM Continuous Monitoring Platform

Aptitude Accounting Hub

Redesigning the Organization with Information Systems

Global at the Core. The Workday Approach to Global Financial Management

Efficient Support for Internal Control Systems via a GRC Software Platform

EPC Perspectives: Generating New Revenue Streams From Plant Operations & Maintenance. Executive Brief

Address system-on-chip development challenges with enterprise verification management.

Environmental, Health and Safety Management

IBM Software July 2011 Thought Leadership White Paper. What is MRM, and why are marketers investing in this technology?

ORACLE PROJECT PORTFOLIO MANAGEMENT CLOUD

ENOVIA Life Sciences Accelerator for New Product Introduction

7 Trends Impacting How We Use Digital Assets

IT Management Maturity. Phase 3: Moving from Proactive to Aligned

MAXIMIZE PERFORMANCE AND REDUCE RISK

BMC FootPrints. Service Management Solution Overview.

Planning and design for smarter cities

Adaptive work environments

Project Remedies Solution Set s Ability to Transform your IT Organization. A Selection of Use Cases from Project Remedies Inc.

An Oracle White Paper December Reducing the Pain of Account Reconciliations

WHITE PAPER KEY PRINCIPLES OF INTEGRATED BUSINESS RESILIENCY

You can plan and execute tests across multiple concurrent projects and people by sharing and scheduling software/hardware resources.

RSA. Archer Risk Intelligence Index

MATURITY MODEL SNAPSHOT REGULATORY & CORPORATE COMPLIANCE MANAGEMENT

Seamless Application Security: Security at the Speed of DevOps

MAPR: THE CONVERGED DATA PLATFORM FOR MANUFACTURING

Planview Enterprise One

You can plan and execute tests across multiple concurrent projects and people by sharing and scheduling software/hardware resources.

The Current State of Marketing Agility. Joint market research between Teradata Marketing Applications and Forbes Insights

Reinforcing the Three Lines of Defense SAP software for risk management, process control, and audit management

Cyber Security. & GRC Metrics That Tell a Story! Presented by: Swarnika Mehta Manager, KPMG Cyber Security Services

White Paper. Code Maintenance Best Practices. 4 Essential Skills for Lean Times

Using Analytical Marketing Optimization to Achieve Exceptional Results WHITE PAPER

Simplifying the Risk & Compliance THE PREMISE

Bridging Software Development and Enterprise Project Management

Balanced Perspective. Managing software development from a business and technical point of view. IBM Software Group

Transcription:

RSA ARCHER PUBLIC SECTOR SOLUTIONS

INTRODUCTION Federal information assurance (IA) professionals face many challenges. A barrage of new requirements and threats, a need for better risk insight, silos imposed by people and technologies, and a shortage of resources create a complex environment for IA teams. FISMA (Federal Information Security Management Act) compliance in itself is a significant challenge, even before factoring in federal budget constraints, new cyber threats, and new compliance requirements. The additional challenge of trying to integrate real operational security data into compliance activities complicates these efforts further. Risk insight is another enormous challenge. Applying cookie-cutter processes and controls to every asset results in under or over protection, typically at great expense. To avoid this, the federal community has grasped the importance of making risk-based decisions and risk-based spending. Security management tools can determine how many patches are missing or how many vulnerabilities are present, but very few provide real business context. As a result, risk decisions are made at a management level without the full risk picture, and security administrators do not know which findings or deficiencies to fix first. Compliance with OMB (Office of Management & Budget) memo and circulars, and the assessment and authorization (A&A) required by FISMA, costs the federal government billions of dollars per year. The current IA paradigm is tremendously expensive. The added factors of funding dramas and continuing resolutions over the past few years have hurt the probability that IA budgets can adequately accommodate the tools, staffing and training to meet current and future challenges. 2 Finally, siloes can exist within the federal community at large, individual departments and even the workflows of a single office. From both interorganizational and intra-organizational perspectives, disparity and redundancy occur in tools, processes, standards, data, and language. ALIGN SECURITY, COMPLIANCE AND RISK MANAGEMENT INTO ONE PROCESS Establishing a central repository for risk and control related data is the first step in ensuring you have an accurate and comprehensive view of risk that can be readily conveyed to all stakeholders. You must break down data and communication silos between tools and people. You must then exploit this streamlined data flow to save time, increase data sharing, and make more informed risk decisions. Use of common tools and processes allows you to track and manage FISMA and OMB compliance requirements and leverage assessment data for reuse, including GAO (Government Accountability Office) and other audits. Integrating automated and manual continuous monitoring tools will satisfy federal compliance requirements, and will also drive faster defect remediation, reduce actual risk, and provide complete risk metrics which are always current.

THE RSA ARCHER PUBLIC SECTOR SOLUTIONS ADVANTAGE RSA Archer Public Sector solutions are purpose-built to meet the unique needs of U.S. federal agencies, providing capabilities essential for effective information assurance program management and maximizing existing agency infrastructure investments. HARNESS THE POWER OF CONVERGENCE With a common platform, common taxonomy, and integrations to scanners, sensors, and other security tools, IA teams can collect and share data in a common environment. This infrastructure eliminates the need to constantly import, export, and reformat data, breaking down silos and allowing your stakeholders to share information faster and easier. In addition, information sharing provides a broader view and for stakeholders to make the right risk decisions to reduce risk and ensure compliance. YOUR SECURITY PROGRAM S PATH TO MATURITY You need to accommodate a wide spectrum of maturity levels and to push your security program forward on its maturity path. For many years, FISMA only required a set of Certification and Accreditation (C&A, now A&A) artifacts. RSA Archer Public Sector solutions produce not only A&A artifacts, but could enhance companion solutions to enable Contingency Planning, Continuous Monitoring, and third party and supply chain management. This integrated approach pushes the organization to manage more security functions in a more informed, more efficient way. 3 LEVERAGE TRUE AGILITY Unlike most of the solutions that the public sector currently uses, RSA Archer is not hard coded into one rigid use case. Applications, workflows, and reports and dashboards can be quickly reconfigured to adjust to changes in your internal policies or processes. As federal guidance or your program changes, the solution can be modified to ensure your processes are appropriately aligned. RSA ARCHER PUBLIC SECTOR SOLUTIONS RSA Archer Public Sector solutions allow you to leverage people, process, and technology to build an integrated approach to Assessment & Authorization, Continuous Monitoring and overall risk management. In addition to solving IA challenges, RSA Archer Public Sector solutions can also provide significant ROI by saving labor hours, reducing software license and training costs, increasing productivity, reducing risks and incidents, and bringing the IA organization into an improved, common culture through improved data sharing and the use of a common taxonomy and workflow. ASSESSMENT & AUTHORIZATION With RSA Archer Assessment & Authorization, you can assess and authorize all new information systems before they go into production to ensure they are operating at an acceptable level of risk. RSA Archer gives the authorization

team the ability to define authorization boundaries, allocate and assess controls, assemble authorization packages, make informed authorization decisions, and determine whether each information system stays within acceptable risk parameters. RSA Archer Assessment & Authorization allows organizations to comply with FISMA and OMB requirements while improving overall security and controls. It also integrates with RSA Archer Continuous Monitoring to provide a true ongoing authorization (OA) capability. RSA Archer Assessment & Authorization enables more efficient identification, management, and mitigation of issues, including common (inherited) control management. This means enabling current staff to do more with less pain. Reports and authorization artifacts are automatically updated. Additional context and more current data mean improved compliance, visibility, and security. CONTINUOUS MONITORING RSA Archer Continuous Monitoring serves as a hub for many types of scanner and sensors, allowing the organization to build an aggregate risk view at any level of the enterprise. Individual defects can be monitored and scored. Defects are aggregated at each level of the hierarchy, from the individual device up to the Department level. Through this aggregation, a risk score can be designated at any layer and the amount of relative risk introduced can be measured. The reporting and workflow allows limited resources to be focused on the remediation efforts that will provide the greatest benefit. With RSA Archer Continuous Monitoring, you can make a faster, more targeted response to emerging risks. Your staff will be able to mitigate the findings in the order in which they will reduce risk most. When used in tandem with RSA Archer Assessment and Authorization, it can enhance your FISMA and OMB compliance activities by verifying that information systems are abiding by authorization agreements (ATO) and are operating within acceptable levels of risk. This translates to a more secure environment with more insight and the ability to make better, more informed risk decisions. PLAN OF ACTION & MILESTONES MANAGEMENT RSA Archer Plan of Action and Milestones (POA&M) Management allows you to centralize findings and defects and then track the remediation effort into dates, milestones and costs. The use case also provides the capability to route POA&Ms through formal approval and review processes and capture performance management and cost metrics. CONCLUSION With RSA Archer Public Sector solutions, you can exceed the minimum Assessment & Authorization and Continuous Monitoring requirements set by FISMA and OMB and improve the maturity and efficiency of your 4

security program. Breaking down silos with RSA Archer s integrated platform and solutions will improve communication and visibility. The flexible and configurable nature of the RSA Archer platform, as well as the path left open to integrate with other RSA Archer solutions, means your security program can continue to adapt and mature in the future. 5 RSA and the RSA logo, are registered trademarks or trademarks of Dell Technologies in the United States and other countries. Copyright 2018 Dell Technologies. All rights reserved. Published in the USA. 01/18 Solution Brief H15122. RSA believes the information in this document is accurate as of its publication date. The information is subject to change without notice.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback