The Assured Compliance Assessment Solution (ACAS) is an integrated software solution that is scalable to an unlimited number of locations. The solution's tiering ability will give Department of Defense (DoD) enhanced enterprise security while being easy to install and manage. It can be easily deployed via download to all DoD agencies - without the need to procure and install appliance devices. DoD will discover that the ACAS product suite easily provides the required automated network vulnerability scanning, configuration assessment, application vulnerability scanning, device configuration assessment, and network discovery it needs. Further, the product suite generates the required reports and data, with a centralized console, and is SCAP compliant. There is much more to the capabilities of the ACAS and you can find out more information by reading the material referenced below. DISA's Infrastructure Development (ID) is providing program management and supporting the deployment of this solution. The ACAS tool is a follow-on capability to the Secure Configuration Compliance Validation Initiative (SCCVI) tool.


Sec Center As the central console for ACAS, Security Center offers the ability to automate and quickly scale an organization’s vulnerability and compliance scanning infrastructure, as well as provide capabilities to allow for management, alerting, and reporting against vulnerability and compliance requirements.
Nessus A fully capable scanner covers a breadth of checks, including unique Common Vulnerabilities and Exposures (CVEs), and successfully operates across different environments.

3D Tool

The Topology Viewer imports asset data from the Nessus scanner or SecurityCenter and provides graphical analysis information such as network and protocol maps, communication paths, and vulnerability maps. The Topology Viewer also imports and converts Open Vulnerability Assessment Language (OVAL) vulnerability files for upload into SecurityCenter.

PV Scanner

The PVS monitors network traffic in real-time. It determines server and client side vulnerabilities and sends these to Security Center in real-time. It continuously looks for new hosts, new applications and new vulnerabilities without requiring the need for active scanning.