CyberScope is an application co-developed by the Department of Homeland Security and the Department of Justice to automate and standardize manual and automated inputs of agency data for FISMA compliance reporting. NIST has collaborated with this effort to provide data models that use the underlying SCAP primitives (CVE, CCE, CPE) to produce data feeds directly from security management tools that can be submitted to CyberScope (reference: http://scap.nist.gov/use-case/cyberscope/ ).
SAINT is included on the OMB MAX Portal list of vendors capable of providing exported data feeds for CyberScope.
Support to CyberScope is one more example of SAINT's continuing commitment to our federal customers, as it relates to continuous monitoring initiatives, reporting, and compliance under FISMA. As the first lab-tested and NIST-approved USGCB scanner, SAINT continues to evolve and maintain market leadership in the areas of compliance and reporting, and is now proud to add CyberScope reporting to our customers’ cyber-defense arsenal.
How SAINT supports CyberScope
SAINT enables customers to execute real-time, scheduled, and recurring assessments across any size organization—from a standalone deployment or centrally managed distributed deployment—to ensure a flexible, yet powerful configuration to fit within the organization’s overall continuous monitoring framework. SAINT’s agentless scanner probes discover available hosts and gather inventory facts that will ensure a thorough, yet focused assessment of the environment. SAINT provides additional workflow and oversight control during the process through e-mail notifications and customer-defined report delivery, to facilitate faster turnaround of evaluation and remediation activities prior to formal reporting. SAINT then provides customers with the necessary interfaces to complete organization-specific components of the reporting format and produce the finished product, in accordance with the required CyberScope specifications.