Control Compliance Suite


CCS Vulnerability Manager feature and capability

  • 1.  CCS Vulnerability Manager feature and capability

    Posted Oct 15, 2011 09:32 AM

    Hi folks,

    I’m evaluating CCS Vulnerability Manager. Does anybody know whether CCS Vulnerability Manager supports the requested features? I really appreciate your help.

    Requirement | Comply Level (Fully compliant, Partially compliant, Non-compliant)

    1)    Vulnerability Scanning

    a.      Support vulnerability identification for all operating systems, Databases, Services, …
    b.      Support vulnerability identification for all client applications, like Adobe product family, Apple product family and …
    c.      Support scheduled and policy-based vulnerability scans (customized scan settings and schedule for different asset groups)
    d.      Scanning module should have load scan templates
    e.      Ability to define/import custom vulnerabilities
    f.      Scan results should be kept in our database in our datacenter
    g.      Possibility of offline update of vulnerability signatures
    h.      Automated asset discovery feature
    i.      Possibility to rank asset value
    j.      Possibility to be integrated with Asset Management System
            i.      Ability to import and export list of assets
            ii.     Ability to get updates from Asset Management System
    k.      The system should differentiate newly identified assets after each scan
    l.      Possibility of grouping assets
    m.      Ability to relate vulnerabilities and assets and asset groups

    2)    Risk Management Function

    a.      Prioritize risks based on criticality of vulnerabilities and asset value
    b.      Ability to customize the risk calculation formula is a nice-to-have feature
    c.      Have a risk dashboard

    3)    Compliance Checking

    a.      Support assessment of systems against well-known security best practices including CIS, NIST and DISA.
    b.      Support assessment against customized configuration settings and creating customized configuration from available best practices. Ability to assign different configuration policies to different asset groups.
    c.      Customized configuration which allows considering the compliance ranks in risk measures is a nice-to-have feature
    d.      Support incident management for non-compliant systems/items

    4)    Customized Reporting

    • Ability to have customized reports with flexibility on filtering based on all system items, including but not limited to assets, asset groups, risk, vulnerability remediation status, configuration items (in compliance checking), …

     

     

    Best Regards,

    Rima