Home > News > featured news > SteelCloud and Telos Corporation Collaborate to Enhance NIST RMF Compliance

ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

SteelCloud and Telos Corporation Collaborate to Enhance NIST RMF Compliance

Telos Corporation | January 09, 2023 | Read time : 02:00 min

SteelCloud LLC, a leading CIS and STIG compliance automation software developer and Telos Corporation, a renowned provider of cyber, enterprise, and cloud security solutions to the world's most security-conscious organizations, recently announced entering into a partnership to assist customers in reducing the complexity of NIST Risk Management Framework (RMF) compliance. Customers gain access to all seven RMF phases via a unified, automated solution.

SteelCloud's ConfigOS capabilities take care of the identify/ categorize, select, and implement components of RMF for technical assets. ConfigOS examines an asset, determining whether Security Technical Implementation Guides (STIG) apply, scanning against the STIG standards, identifying compliance indicators, and automating the remediation of findings. Meanwhile, Xacta incorporates and uses this information during the RMF's assessment and authorization processes, as well as when the monitor step is initiated once authorization to operate (ATO) is obtained.

Working together, ConfigOS and Xacta drive decisions to address identification and selection problems while reporting important indicator metrics required to achieve and sustain ATO. STIG and vulnerability data from ConfigOS are integrated into Xacta and mapped to appropriate requirements as part of Assessment and Authorization (A&A), providing customers with a streamlined approach to gaining necessary permissions. Xacta's workflow automation streamlines the whole NIST RMF workflow, managing validation, analysis, documentation, and accreditation processes from start to end.

About Telos Corporation

Telos Corporation provides solutions for continuous security assurance of personnel, systems, and information to the world's most security-conscious enterprises, empowering and protecting them. The company offers enterprise security solutions for identity and access management, organizational messaging, secure mobility, and network management and defense. Telos Corporation serves commercial organizations, regulated sectors, and government customers all around the world.

About SteelCloud

SteelCloud is a company that creates STIG and CIS compliance software for government and business clients. The company's product reduces the complexity, effort, and cost of implementing federal security standards by automating policy and security repair. SteelCloud has provided enterprise-wide security policy-compliant solutions, easing setup, and ongoing security and compliance support. SteelCloud goods are simple to obtain through our GSA Schedule 70 contract.

Spotlight

Migratie van CentOS Linux naar Red Hat Enterprise Linux

Het kiezen van het juiste besturingssysteem is tegenwoordig een belangrijke succesfactor voor elk bedrijf. Het kan erg verleidelijk zijn om voor een gratis optie te kiezen. Waarom dit vaak een fout is, lees je in het datablad Migreren van CentOS Linux naar Red Hat Enterprise Linux. Je leert waar je op moet letten bij het migrere

More featured news

Spotlight

Migratie van CentOS Linux naar Red Hat Enterprise Linux

Related News

PLATFORM SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

ThreatLocker Reveals Zero Trust's Future with Launch of New Products

ThreatLocker | February 07, 2023

ThreatLocker®, an endpoint security technology pioneer, recently announced the launch of ThreatLocker Ops, a community-driven threat detection tool, at Zero Trust World. This new product helps administrators detect attempted intrusions or system vulnerabilities. Ops is a policy-driven system that determines good or bad behavior based on ThreatLocker agent data. This information may be used to notify IT administrators of attempted attacks or to initiate measures to harden an environment utilizing other platform components. The Ops platform also integrates with ThreatLocker's new community, which allows similar firms to publish policies that are pertinent to their business, allowing for information exchange and a more comprehensive set of alerts. With tighter security controls, reduced agent fatigue, and minimal overhead on personal computers, Ops reduces dependency on other IT resources. ThreatLocker further announced the incorporation of the Third Wall plug-in into its zero trust platform. This announcement followed Third Wall's acquisition last November. The sophisticated configurations manager for Windows consists of 58 lockdown policies and emergency actions to widen the scope of ransomware prevention and assure user compliance with HIPAA, PCI, NIST, and GDPR. The latest additions to ThreatLocker comply with several government regulations on the use of Zero Trust strategies to counter current threats. ThreatLocker will offer its new products to existing and new partners. Currently, it secures over a million endpoints worldwide. About ThreatLocker Founded in 2017, ThreatLocker is an endpoint security technology pioneer driving the cybersecurity industry toward a more secure way of preventing unexpected application vulnerabilities. Its ThreatLocker Control Suite integrates solutions for RingfencingTM, Application Whitelisting, Storage Control, and Elevation Control to simplify security. ThreatLocker’s powerful suite of security tools are designed to provide everyone from enterprises to government agencies to academic institutions complete control over which apps operate on their networks. The company is headquartered in Maitland, Florida and has been recognized as one of the most efficient cyber security solutions.

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

ReliaQuest Announces Launch of GreyMatter Phishing Analyzer

ReliaQuest | March 08, 2023

On March 7, 2023, ReliaQuest, a leading firm specializing in security operations, announced the addition of Phishing Analyzer to its GreyMatter platform, which is now available globally. This capability automates the entire abuse-mailbox management process, reducing the risk of phishing attacks by analyzing suspicious emails, taking remedial action, and sending follow-up notifications to users. Phishing attacks are a persistent and time-consuming issue, and although many organizations have Secure Email Gateways (SEGs) to combat email-based threats, malicious emails still manage to get through. Most phishing emails trick users into sharing valuable information, leading to costly Business Email Compromise (BEC) incidents that have cost organizations over $43 billion since 2016. In response, organizations are increasing their phishing awareness programs to empower contractors, employees and partners to help the security team battle against email phishing. However, the constant need for vigilance and alertness can lead to alert fatigue and burnout among employees. Even when users spot phishing emails, they need a way to notify security teams to prevent email-based attacks. GreyMatter Phishing Analyzer automates this process, allowing security teams to evaluate email-based threats in order to determine how they are gaining access and who has been affected, potentially saving thousands of hours and reducing employee dissatisfaction. GreyMatter Phishing Analyzer removes the burden of the abuse-mailbox by automatically analyzing reported emails to determine whether they are malicious or benign. If malicious, the reported email is removed from the user's inbox, as well as other matching emails from across the organization. Additionally, the tool enables security teams to see the full scope of the phishing attack without leaving the platform, and ReliaQuest's machine-learning capabilities speed up the analysis process, identifying phishing campaigns targeting the organization by matching against duplicate and similar emails across the organization. Once thoroughly analyzed, the tool automatically sends an analysis report to the security team and an analysis decision (benign or malicious) to the reporter, enabling security teams to add security controls for stronger protection. Overall, GreyMatter Phishing Analyzer can help organizations reduce the risk of phishing attacks and allow their employees to protect their organization better. About ReliaQuest ReliaQuest is a leading firm that boosts security operations. Its platform, GreyMatter, automates detecting, investigating, and responding to security threats across different tools and applications, including cloud, endpoint, and on-premise environments. The company has established a global presence, serving more than 700 customers, with 1,200 professionals spread across six operating centers worldwide. Its primary objective is to enable businesses to achieve their security goals. Trusted by numerous Fortune 1000 organizations, ReliaQuest supports risk management and initiative acceleration. It maintains a significant international footprint as a privately held entity headquartered in Tampa, Florida.

DATA SECURITY, ENTERPRISE IDENTITY, NETWORK THREAT DETECTION

ForgeRock is the First Identity Platform to Fully Eliminate Passwords

ForgeRock | March 21, 2023

ForgeRock®, a global digital identity leader, today announced ForgeRock Enterprise Connect Passwordless, a new passwordless authentication solution that eliminates the need for users to interact with passwords inside large organizations. Enterprise Connect Passwordless is the latest addition to ForgeRock’s industry-leading, passwordless authentication portfolio for consumer and workforce use cases. Developed through ForgeRock’s strategic partnership with Secret Double Octopus, the new solution, integrated into ForgeRock Identity Platform, protects the most commonly used and vulnerable enterprise resources such as servers, workstations, remote desktops, and VPNs. It helps large enterprises proactively defend against costly cyber-attacks and unauthorized access by providing a passwordless experience to legacy applications, systems and services. In turn, organizations can deliver an employee experience that empowers people to access their information without needing to know a password. “The move to passwordless authentication will fundamentally change every digital experience on the planet, starting with the most common experience of all - logging in,” said Peter Barker, Chief Product Officer, ForgeRock. “With the addition of Enterprise Connect Passwordless, ForgeRock is the only solution to offer a full spectrum of passwordless capabilities that help employees and consumers say goodbye to remembering their passwords.” Organizations deploying ForgeRock Enterprise Connect Passwordless become a more secure enterprise by removing employee interaction with passwords, and reducing the risk of compromise. Benefits include eliminating employee account lockouts and reducing the volume of IT tickets, which can lower operational costs from help desk interactions, increase workforce productivity and enhance the user experience. Removing Passwordless Orchestration and Deployment Complexities ForgeRock Enterprise Connect Passwordless uses next generation identity orchestration capabilities that allow enterprises to easily design and implement passwordless login and access journeys tailored to their unique security and experience needs. With ForgeRock, organizations now have the freedom to move to passwordless at their own pace – without it being an “all or nothing” experience. “When an organization decides it wants to go passwordless to improve user experiences, that can be a heavy lift, made lighter when accompanied by user journey orchestration technology,” said Jay Bretzmann, Research Vice President, Security Products, IDC. “The ability to rapidly create login experiences tailored to groups of diverse individuals is an imperative for modern enterprises. Orchestration not only provides the tools to do this, but also the ability to ‘fine-tune’ journeys in real-time. What used to take programmers and developers weeks or months can now be accomplished by non-technical IT or identity staff for a fraction of the time and cost.” Available in Q2, Enterprise Connect Passwordless augments the company’s existing passwordless capabilities, adding to the ongoing work ForgeRock has been doing to eliminate consumer passwords for more than a decade. A History of Paving the Passwordless Path for Enterprises The ForgeRock Identity Platform has an extensive history of providing organizations several options to help deploy passwordless authentication for mobile and web applications to reduce fraud and improve the user experience. ForgeRock can accelerate passwordless deployment with integration for applications, support for identity standards, easy to use workflows to enable workforce and CIAM passwordless user journeys, and web-based passwordless authentication through a browser using passkeys in their mobile devices. ForgeRock already supports passwordless authentication capabilities through FIDO2 WebAuthn standards and passkeys within the ForgeRock Identity Cloud, low-code, no-code access orchestration with ForgeRock Intelligent Access and AI-driven threat protection within ForgeRock Autonomous Access. ForgeRock also has alliances with partners that have developed curated FIDO solutions for many different types of applications. About ForgeRock ForgeRock® is a global digital identity leader helping people simply and safely access the connected world. The ForgeRock Identity Platform delivers enterprise-grade identity solutions at scale for customers, employees, and connected devices. More than 1,300 organizations depend on ForgeRock’s comprehensive platform to manage and secure identities with identity orchestration, dynamic access controls, governance, and APIs in any cloud or hybrid environment.