Continuous Monitoring and Risk Scoring (CMRS) is a web based system that visualizes the cybersecurity risk of the Department of Defense (DoD) based on published asset inventory and compliance data.
The risk state of the DoD Enterprise security controls for software inventory, antivirus configuration, Security Technical Implementation Guide (STIG), and Information Assurance Vulnerability Management (IAVM) vulnerability and patch compliance are measured and reported.
CMRS supports the risk-management approach to cybersecurity oversight by quantitatively displaying an organization’s security posture through the use of risk dashboards. Using the risk dashboards, users can gather actionable direction, implement prioritized mitigation decisions, and ensure effectiveness of security controls in order to support their cybersecurity risk management duties.
VALUE TO OUR MISSION PARTNERS
CMRS displays risk dashboards based on published HBSS and ACAS data so that users can see the cybersecurity risk to the DoD and its sub-components (CC/S/A/FAs).
CMRS leverages the use of automated data feeds. Currently, there is a risk dashboard generated based on published Host Based Security System (HBSS) data as well as reports based on published Assured Compliance Assessment Solution (ACAS) data.
ACAS publishing to CMRS can be done with any version of Security Center back to version 4.8.2.
HBSS Server Components
- Asset Publishing Service (APS) version 18.104.22.168 or later
- Operational Attribute Model (OAM) version 22.214.171.124 or later
- Arcsight Connector 126.96.36.19900.0 or later
HBSS Client Components
(McAfee) ePolicy Orchestrator (ePO) version 188.8.131.52 or later
- McAfee Management Agent (MA) version 184.108.40.2063 or later
- McAfee VirusScan Enterprise (VSE) version 220.127.116.119 (P8) or later
- McAfee Endpoint Security (ENS) - Not applicable unless SHB version 10.3
- McAfee Host Intrusion Prevention (HIPS) version 18.104.22.16828 (P8) or later
- Data Loss Prevention (DLP) version 10.0.100.372 or later
- HBSS Rogue System Detect (RSD) version 5.0.4 or later
- McAfee Policy Auditor Agent (PA) version 22.214.171.1242 or later
- Asset Configuration Compliance Module (ACCM) version 126.96.36.199 or later
- MAC - Not Applicable for SHB version 10.0 or 10.1
- MAC version 188.8.131.523 or later for SHB version 10.2 or later