Federal Government Cyber Security: CONNECT SECURITY TO THE MISSION WITH TRIPWIRE
Federal agencies are under pressure to improve cybersecurity by focusing on compliance and risk management initiatives such as continuous monitoring, Federal Information Security Amendments Act (FISMA) compliance, NIST and agency standards. Tripwire delivers the most robust suite of security controls for asset, vulnerability, configuration and risk management requirements, providing security intelligence and evidence of compliance to agency operations. Tripwire helps agencies prioritize critical assets across the network and implement a framework of foundational security controls to continuously monitor information assets to improve risk posture.
Transform Your Controls for Continuous Monitoring
Tripwire solutions transform the static security control assessment process into an automated security information collection process, enabling continuous risk assessment and compliance. Federal security directives require agencies to continuously monitor their systems for cyberthreats and implement regular threat assessments. This focus on risk monitoring and analysis improves the overall posture, awareness and responsiveness of security programs.
Achieve and Maintain Continuous Compliance
Tripwire helps government agencies identify, classify and mitigate vulnerabilities and automate compliance and audit reporting. Tripwire automation for security risk management integrates with continuous compliance goals and reduces time and effort for Certification and Accreditation (C&A). Tripwire solutions are designed to support the reporting and monitoring requirements of FISMA regulations, CyberScope reporting, FDCC and USGCB, DISA STIGs, and supports key security program management. Tripwire has a track record for building best-in-class technology, meeting Federal compliance requirements and integrating standards such as FIPS 140, Common Criteria and SCAP.
Deliver the First Four SANS Critical Security Controls
Federal agencies have begun using the SANS 20 Critical Security Controls (CSC) because it provides continuous monitoring, sequences IT control implementations, and understands budgets and impacts of these implementations. As these controls map to NIST 800-53, the SANS program is promoted by the OMB and DHS as the roadmap for continuous monitoring. Tripwire products help your agency achieve the goals of that roadmap by contributing to 16 of the 20 SANS CSC. Tripwire solutions fully address the four most foundational controls for visibility (inventory of hardware and software) and reducing the attack surface (security configuration & vulnerability management), which are shown to reduce risks and assure an effective defense against current and future cyberthreats. The data from these processes is essential for proper implementation of other controls such as application software security, boundary defense, and security audit logging.
Tripwire Features and Benefits
Tripwire is a vendor of market-leading security products with deep experience in Federal environments. We understand the dynamics in cyberthreats and vulnerabilities, Federal initiatives, and compliance standards. Our products collect data from a large number of operating systems, applications and devices; the products can be integrated into enterprise systems and processes to assure proper scalability and interoperability.
- Discover, profile and scan every asset on your network for situational awareness
- Identify and prioritize risks based on vulnerabilities & configurations
- Baseline to detect and update changes and compare to standards (e.g.FISMA, NIST, DISA, NSA)
- Provide context to make SIEM, Help Desk and GRC tools useful to detect security breaches as they happen
- Single flexible solution for enterprise view of servers, databases, firewalls, network devices, directory services, applications and workstations
- Interoperable with other products such as help desk, asset management, configuration management, and incident response solutions
- Support compliance with applicable Federal laws, Executive Orders, directives, policies, regulations, standards, and guidelines with industry's largest policy content library
- Fully automates checks for patches, vulnerabilities, misconfigurations and unauthorized changes
- Leading the way in development of security technology developed in accordance with latest SCAP 1.2 standards
- Provides top-to-bottom drilldown capabilities from general scoring trends and rollups to specific test failures and remediation checklists