The latest version of Nexpose, 5.3, allows federal agencies and consultants to generate reports that can be submitted into the CyberScope reporting tool in compliance with Federal Information Security Act (FISMA) requirements for security information data.
CyberScope, which is mandated by the Office of Management and Budget (OMB) is a Web-based application that collects data around the relevant vulnerabilities, configurations, and assets that are present within a federal agency in a standardized XML format. As of late 2011, federal agencies are required to submit an XML document created by a security tool into CyberScope to maintain FISMA compliance. This is a step forward towards the OMB's initiative to monitor the security risks in a continuous manner.
The generation of a CyberScope XML report has been integrated into the present reporting workflow within Nexpose. Therefore, a user only has to select the CyberScope XML Report format in the Reporting dashboard to generate a CyberScope report. If not all of the assets in your organization are applicable, you can restrict the report scope to those that are applicable.
In addition, since it is a requirement for federal agencies to submit reports on a monthly basis into CyberScope, Nexpose has the ability to schedule the generation of a report on a recurring basis, such as monthly. Therefore, a user can let Nexpose do all of the work for them, downloading the reports when required for submission.
Nexpose makes it easy for users to manage their FISMA requirements with unified vulnerability and configuration scanning coupled and the easy generation of a CyberScope compatible report.