DATA SHEET
THE CHALLENGE
The federal community has struggled for years to meet basic FISMA (Federal
Information Security Management Act) reporting and OMB (Office of Management
and Budget) compliance requirements. Budget constraints have created reactive,
just-in-time responses to these resource-intensive activities. Attention is focused
only on the Authorization to Operate (ATO) and Plan of Action & Milestones
(POA&M) expiring next, and migration to new control catalogs is often postponed
as long as possible. Agencies have basic defect identification and remediation
capabilities but assess their controls infrequently because they have no in-house
assessment resources. This situation creates a constant budget issue because
organizations have to hire costly outside vendors and fund just one or two
assessments in advance. Compliance and expiration dates drive decisions more
than real risk metrics, while organizations must also work out how to comply
with the latest continuous monitoring (CM) requirements.
There have been many negative results from this FISMA and OMB compliance
paradigm over the years: Security artifacts and metrics are often out of date
or incomplete. Inefficient and duplicate efforts cause unneeded stress on staff
and further strain budgets, resulting in limited visibility and accountability in
addressing known risks. Issues fall through the cracks, deadlines are missed and
security vulnerabilities remain open.
OVERVIEW
RSA Archer® Assessment & Authorization (A&A) allows the organization
to assess and authorize all new information systems before they go into
production to ensure they are operating at an acceptable level of risk. It gives
the authorization team the tools and capabilities to define authorization
boundaries, allocate and assess controls, assemble authorization packages,
make informed authorization decisions, and determine whether each
information system stays within acceptable risk parameters. RSA Archer A&A
allows organizations to comply with FISMA and OMB requirements while
improving security. This use case also integrates with RSA Archer Continuous
Monitoring to provide a true Ongoing Authorization (OA) capability.
With RSA Archer Assessment & Authorization, you can more effectively
identify, manage and mitigate issues, including common (inherited) control
management. These capabilities enable organizational resources to be more
productive in their role by eliminating bottlenecks and inefficient manual
processes. Reporting and authorization artifacts can now be automatically
updated, giving senior executives and business owners accurate, real-time
data for better-informed business decisions, so that organizational
compliance is maintained and effective security measures are proactively
enacted.
KEY FEATURES
• Authorization boundary definition
• Electronic signatures and PIN authorization enable digital signatures and
signature tracking
• Clear and justified security categorization
• Customized control allocation and assessment
• Authorization package creation and approval workflow
• Informed authorization decision-making and issue remediation (POA&M)
• Monitoring strategy and Ongoing Authorization (OA)
KEY BENEFITS
RSA Archer Assessment & Authorization provides:
• Savings in labor hours
• More informed decision-making and greater assurance in decisions
• Expedited approval of records and signature tracking throughout the
record lifecycle
• Improved controls tracking across the organization
• Reduction of overall IT and security risk
©2018 Dell Inc. or its subsidiaries. All rights reserved. RSA and the RSA logo are registered trademarks or trademarks of Dell Inc. or its subsidiaries in the United States and other countries. All other trademarks are the property of their respective owners. RSA believes the information in this document is accurate. The information is subject to change without notice. 07/18, Data sheet, H4818-2 W142112
FOR MORE INFORMATION
To learn more about how EMC products, services, and solutions can help
solve your business and IT challenges, contact your local representative or
authorized reseller—or visit us at rsa.com. If you are an existing RSA Archer
customer and have questions or require additional information about
licensing, please contact RSA Archer at [email protected] or call
1-888-539-EGRC.