sagacity: vulnerability assessment and compliance data management tool
Sagacity is a vulnerability assessment and compliance data management tool designed to make security testing more efficient, effective and complete.
Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts of scan and compliance data that security engineers must sort through and deconflict, identify untested requirements, and somehow analyze to communicate risk to their employers. Sagacity, originally written to support a government customer, was designed to fill that need.
What if an organization could turn massive amounts of irreconcilable vulnerability scan data into true knowledge and insight about their networks? They would be able to make wise decisions resulting in cost-effective actions to improve their security with the best return on investment.
- ingest data from Nessus vulnerability and compliance scans, SCC, nmap, MBSA and other automated tools
- correlate data to applicable STIG and IAVM checklists and deconflict data from multiple scan sources
- identify required manual STIG checks for a complete compliance assessment
- provide an efficient spreadsheet format for conducting manual tests and reporting compliance data
- track assessed hosts, applicable STIGs, OS’s, installed software, missing patches, network services and more
- security assessment task tracking to ensure a complete and thorough test
- statistical analysis of compliance rates, assessment completeness, Cat I, II, III findings and more.
Copyright 2018 CyberPerspectives, LLC