Continuous Monitoring and Risk Scoring (CMRS) is a web based system that visualizes the cybersecurity risk of the Department of Defense (DoD) based on published asset inventory and compliance data.
The risk state of the DoD Enterprise security controls for software inventory, antivirus configuration, Security Technical Implementation Guide (STIG), and Information Assurance Vulnerability Management (IAVM) vulnerability and patch compliance are measured and reported.
CMRS supports the risk-management approach to cybersecurity oversight by quantitatively displaying an organization’s security posture through the use of risk dashboards. Using the risk dashboards, users can gather actionable direction, implement prioritized mitigation decisions, and ensure effectiveness of security controls in order to support their cybersecurity risk management duties.
VALUE TO OUR MISSION PARTNERS
CMRS displays risk dashboards based on published HBSS and ACAS data so that users can see the cybersecurity risk to the DoD and its sub-components (CC/S/A/FAs).
CMRS leverages the use of automated data feeds. Currently, there is a risk dashboard generated based on published Host Based Security System (HBSS) data as well as reports based on published Assured Compliance Assessment Solution (ACAS) data.
ACAS publishing to CMRS can be done with any version of Security Center back to version 4.8.2.
HBSS Server Components
- Asset Publishing Service (APS) version 184.108.40.206 or later
- Operational Attribute Model (OAM) version 220.127.116.11 or later
- Arcsight Connector 18.104.22.16800.0 or later
HBSS Client Components
(McAfee) ePolicy Orchestrator (ePO) version 22.214.171.124 or later
- McAfee Management Agent (MA) version 126.96.36.1993 or later
- McAfee VirusScan Enterprise (VSE) version 188.8.131.529 (P8) or later
- McAfee Endpoint Security (ENS) - Not applicable unless SHB version 10.3
- McAfee Host Intrusion Prevention (HIPS) version 184.108.40.20628 (P8) or later
- Data Loss Prevention (DLP) version 10.0.100.372 or later
- HBSS Rogue System Detect (RSD) version 5.0.4 or later
- McAfee Policy Auditor Agent (PA) version 220.127.116.112 or later
- Asset Configuration Compliance Module (ACCM) version 18.104.22.168 or later
- MAC - Not Applicable for SHB version 10.0 or 10.1
- MAC version 22.214.171.1243 or later for SHB version 10.2 or later