eEye Digital Security - Professional-Grade Security Solutions.

eEye for Government Solutions

Unified Vulnerability Management & Compliance Solutions

eEye is a dedicated provider of unified vulnerability management and compliance solutions for Government agencies. Retina.GOV, built upon our world-renowned research team, is an integrated end-to-end vulnerability management and compliance solution designed to help Government departments and agencies with protection and compliance by defining and monitoring relevant IT controls.

Retina.GOV combines the powers of Retina and our enterprise management console, REM, to form a unified solution designed to help Government departments and agencies with vulnerability assessment and compliance by defining and monitoring relevant IT controls.

Retina.GOV monitors both the vulnerabilities and the configuration of your IT assets, while correlating compliance requirements to pre-defined baselines and providing automated notification of violations. Your environment is assessed, capturing established security controls along with any vulnerabilities or configuration violations that impact the network. Detailed reports providing prescriptive guidance and recommendations are then forwarded, and a response is initiated to ensure that corrective action can be taken in a timely fashion.

Government Regulations and Retina.GOV Certifications

SCAP:

Retina Network Security Scanner, the flagship solution component of Retina.GOV, supports the following SCAP requirements:

  • Federal Desktop Core Configuration (FDCC) Scanner
  • Authenticated Configuration Scanner
  • Authenticated Vulnerability and Patch Scanner
  • Unauthenticated Vulnerability Scanner

Retina’s SCAP capabilities include the following standards: XCCDF, OVAL, CCE, CPE, CVE and CVSS.

Utilizing Retina Network Security Scanner’s SCAP engine, users are able to import SCAP content, such as FDCC benchmarks, for interpretation and assessment of network devices. Retina provides an easy-to-use wizard that guides the user through the steps of selecting desired content, providing information on the assets to be evaluated, and launching the assessment scan. Upon launch, the scan will run without user intervention, alerting you when complete. The assessment results are made available both as machine-readable XML in OVAL and XCCDF formats and as human-readable reports. Both machine-readable and human-readable output contain associated CVE, CPE and CVSS references as applicable.

FDCC:

eEye's Retina Network Security Scanner is compliant with FDCC 1.2.

The Federal Desktop Core Configuration (FDCC) is an OMB-mandated security configuration which exists for Microsoft Windows Vista and XP operating systems. The Windows Vista FDCC is based on DoD customization of the Microsoft Security Guides for both Windows Vista and Internet Explorer 7.0. Microsoft's Vista Security Guide reflects the consensus recommended settings produced through a collaborative effort amongst DISA, NSA, and NIST.

The Windows XP FDCC is based on Air Force customization of the Specialized Security-Limited Functionality (SSLF) recommendations in NIST SP 800-68 and DoD customization of the recommendations in Microsoft's Security Guide for Internet Explorer 7.0.

DIACAP:

Retina.GOV enables organizations to become DIACAP compliant:

  • The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense (DoD) process of ensuring that risk management is applied on information systems (IS).

  • DIACAP defines a DoD-wide formal and standard set of activities, general tasks and management structure process for the certification and accreditation (C&A) of a DoD IS that will maintain the information assurance (IA) posture throughout the system's life cycle.