Design of Assured Compliance Assessment Solution (ACAS)
aka Tenable Nessus
Total Time in Months to Design
Customer was upgrading their Enterprise Vulnerability Management solution from eEye Retina to Tenable Nessus solution.
Context / Action
We Designed and oversaw partial integration of the new Assured Compliance Assessment Solution (ACAS). ACAS is a DoD term for the vendor solution called Tenable Nessus. The vendor’s solution comprises of a couple various components that make up ACAS Security Center, Nessus and Passive Vulnerability System (PVS).
Assured Compliance Assessment Solution (ACAS) is an integrated software solution that is scalable to an unlimited number of locations. The solution’s tier ability will give the Department of Defense (DOD) enhanced enterprise security while being simple to install and manage. It can be deployed without difficulty via download to all DOD agencies – without the need to procure and install appliance devices. The DOD will discover that the ACAS product suite easily provides the required automated network vulnerability scanning, configuration assessment, application vulnerability scanning, device configuration assessment, and network discovery it needs. Further, the product suite generates the required reports and data, with a centralized console, and is Security Content Automation Protocol (SCAP) compliant. There is much more to the capabilities of the ACAS and you can find out more information by reading the material referenced below. DISA’s Cyber Development (CD) is providing program management and supporting the deployment of this solution.
The design was complicated due to the number of networks that the solution had to span and the client’s customer based which it serviced. The client provided Enterprise Security services to every DoD service component in the Government (Army, Navy, Marines, Air Force, Coast Guard, OSD, WHS, Secretary of Defense, and many others). Their large architecture spanned throughout the globe.
After performing an assessment of the business and architecture, we designed a solution which leveraged the vendor’s cutting-edge tier structure which provided the mechanism to carve out and utilize the same system for all of the client’s tenets. Their previous designed operated in silos which led the client to have many of the same solutions operating independently. Our consolidated approach centralized the overall management of this vast Enterprise solution.