CyberScope

What is CyberScope? 

CyberScope is an application co-developed by the Department of Homeland Security and the Department of Justice to automate and standardize manual and automated inputs of agency data for FISMA compliance reporting. 

How does Tenable support CyberScope?  

Tenable is uniquely positioned to provide CyberScope reporting for federal agencies by leveraging our Unified Security Monitoring solutions, which combine distributed Nessus vulnerability scanners, credentialed agentless auditing, real-time passive network monitoring and enterprise-scale reporting.

1. Tenable SecurityCenter enables organizations to centralize their Nessus scans and passive vulnerability results into one CyberScope report.
2. Continuous monitoring can be achieved by scheduling distributed Nessus scans with SecurityCenter as well as by managing real-time vulnerabilities discovered by distributed Passive Vulnerability Scanners.
3. Federal agencies can leverage the scale of SecurityCenter by placing different organizations discretely on a single console, as well as by deploying tiered consoles. Agencies can leverage SecurityCenter's many- leveled user, organizational, vulnerability repository and console-to-console access controls to deploy an architecture that meets their CyberScope reporting needs. 
4. CyberScope reports generated through SecurityCenter contain up-to-date, accurate and relevant information. Tenable's world-renowned research team maintains an extensive set of over 45,000 active and passive plugins, that currently covers close to 15,000 unique CVE IDs and almost 10,000 unique Bugtraq IDs. All Tenable active and passive vulnerability reports include CVSS scores, CVE tags, CPE reports as well as correlation with publicly available exploitation tools. 

 

Tenable's unique solutions are ready now to meet the evolving requirements of CyberScope, ensuring comprehensive and efficient enterprise risk management for FISMA compliance.

1. Tenable's solutions use dynamic asset discovery and system analysis to detect configuration and network device changes through real-time network and log monitoring, and active vulnerability and configuration audits. This ability can be used to automate and simplify the maintenance of ARF asset reports.
2. The Tenable Log Correlation Engine (LCE) collects log and event data from a wide variety of sources adding context and critical metadata to vulnerability data being reported to the CyberScope application. The Tenable Passive Vulnerability Scanner (PVS) passively monitors vulnerability data and can be used to update asset lists, CVE vulnerabilities and CPE information based on hosts that it discovers. This continuous monitoring component of Tenable's Unified Security Monitoring architecture complements data discovered through active scanning by monitoring what has changed on the network since the last scan as well as by providing client side vulnerability data for organizations that aren't performing credentialed patch audits. 

 

For more information about how Tenable's solutions can be used to achieve FISMA compliance through CyberScope reporting, please contact us:

First Name
Last Name
Company
Phone
Email
City
State/Province
Comments