The Defense Information Systems Agency has implemented a continuous monitoring risk scoring system that will work to measure the cybersecurity risk of the agency’s computer networks, Federal News Radio reported Thursday.
Jason Miller writes David Bennett, chief information officer at DISA, said the tool is designed to analyze network security elements to calculate overall risk score.
“One of those factors is continuous scanning of your environment to say what does your application look like relative to Security Technical Implementation Guide findings or to Information Assurance Vulnerability Management implementations and other things like this,” Bennett told the station.
According to the agency, the web-based CMRS uses a dashboard to show an organization’s cyber defense posture based on available asset inventory and compliance data.
Bennett added the agency will also adopt an assured compliance assessment system intended to automatically identify any configuration vulnerability in computers, according to the station.
ACAS includes a scanning device and a report generator and is designed as a follow-on to the agency’s secure configuration compliance validation initiative platform, Miller writes.