Continuous Monitoring and Risk Scoring (CMRS) is a web based system that visualizes the cybersecurity risk of the Department of Defense (DoD) based on published asset inventory and compliance data.
The risk state of the DoD Enterprise security controls for software inventory, antivirus configuration, Security Technical Implementation Guide (STIG), and Information Assurance Vulnerability Management (IAVM) vulnerability and patch compliance are measured and reported.
CMRS supports the risk-management approach to cybersecurity oversight by quantitatively displaying an organization’s security posture through the use of risk dashboards. Using the risk dashboards, users can gather actionable direction, implement prioritized mitigation decisions, and ensure effectiveness of security controls in order to support their cybersecurity risk management duties.
VALUE TO OUR MISSION PARTNERS
CMRS displays risk dashboards based on published HBSS and ACAS data so that users can see the cybersecurity risk to the DoD and its sub-components (CC/S/A/FAs).
CMRS leverages the use of automated data feeds. Currently, there is a risk dashboard generated based on published Host Based Security System (HBSS) data as well as reports based on published Assured Compliance Assessment Solution (ACAS) data.
ACAS publishing to CMRS can be done with any version of Security Center back to version 4.8.2.
HBSS Server Components
- Asset Publishing Service (APS) version 126.96.36.199 or later
- Operational Attribute Model (OAM) version 188.8.131.52 or later
- Arcsight Connector 184.108.40.20600.0 or later
HBSS Client Components
(McAfee) ePolicy Orchestrator (ePO) version 220.127.116.11 or later
- McAfee Management Agent (MA) version 18.104.22.1683 or later
- McAfee VirusScan Enterprise (VSE) version 22.214.171.1249 (P8) or later
- McAfee Endpoint Security (ENS) - Not applicable unless SHB version 10.3
- McAfee Host Intrusion Prevention (HIPS) version 126.96.36.19928 (P8) or later
- Data Loss Prevention (DLP) version 10.0.100.372 or later
- HBSS Rogue System Detect (RSD) version 5.0.4 or later
- McAfee Policy Auditor Agent (PA) version 188.8.131.522 or later
- Asset Configuration Compliance Module (ACCM) version 184.108.40.206 or later
- MAC - Not Applicable for SHB version 10.0 or 10.1
- MAC version 220.127.116.113 or later for SHB version 10.2 or later