









Implementing the Risk Management Framework (RMF) is a complex, time-consuming, continuous activity that requires a systematic approach.
Problem & Fix
Eye4Risk is an Enterprise Cybersecurity Management System that gives an organization the ability to continuously manage its IT cybersecurity infrastructure.
- Systems team members accomplish RMF through a structured, shared interface that guides them through complex procedures
- Can reduce hours expended by up to 65%
Eye4Risk is a Tool Designed for the Navy
Eye4Risk is a tool designed for the Navy, by (FQV) Navy Support Contractors.
Eye4Risk aspires to be a force-multiplier cybersecurity tool that helps improve the RMF process, thereby enabling the Navy to have a more assertive cybersecurity posture and increasing compliance with the required policies and procedures.
- Eye4Risk is built on the processes from Navy RMF Process Guide, version 2
- Systematically implements the 6 steps in the Navy RMF Process Guide
- Incorporates guidance from NIST, CNSS Instructions, DoD/DoN policies & directives.
- A Risk Management System that integrates the critical processes needed to maintain the system over its lifecycle
- Eye4Risk was designed to complement eMASS (not replace it) by providing services and automated tools that reduce the overall effort of preparing information for accreditation. Note that all information in Eye4Risk is within your control and is not shared or exported unless you export the artifacts from Eye4Risk (in a format compatible with import into eMASS).
- System Information Categorization – systematic workflows using embedded NIST data
- Facilitates selection of information types with rationale statements provided
- Provides customized interfaces to tailor CIA levels
- Automated generation of Navy Categorization forms for input into eMASS
- Automatically builds baseline Security Controls
- Eye4Risk provides greater accuracy and a significant reduction in the time, effort and cost of performing the RMF effort through:
  - Built-in Knowledge Sources
  - Systematic Workflows
  - Guided Selection of Information Types
  - Best Practices Tailoring of Security Controls
  - Overlay determination and implementation processes
  - Unique Process Selection of Security Controls
  - Autocompletion of statements in the assessment process of CCI Procedures
  - Policy Management to Security Control Relationships
Eye4Risk Facilitates
- Selection of NIST SP800-53aR4 Security Controls
- Tailoring of selected system & organizational security controls
- Documentation of system & organizational security controls
- Tracking and management of system & organization-wide compliance

The focus of “Eye For Risk” (E4R) is not on obtaining an ATO, but on the processes that will lead the organization to effectively and efficiently complete all six steps of the RMF and build the means to maintain the System’s Cybersecurity for its time in service, with ATO as a byproduct of E4R.
It is built to integrate with other RMF support systems such as eMASS & MCCAST through import spreadsheets. It also integrates with StackRox via imports of container scans. This allows E4R to perform real-time management of a system’s Risk Management, Continuous Monitoring of Security Controls, and [RMF] Reports while maintaining compliance with Authoritative Officials.
6-step compliance workflow

Categorization of Information Systems

Selection of Security Controls

Implementation of Security Controls

Assessment of Security Controls

Authorization of Information Systems

Monitoring of Security Controls

Eye4Risk RMF Compliance Automation Tool
Automation
Automated RMF processes and streamlined compliance. Helps IT managers identify weaknesses in cybersecurity posture. Reduces workforce activities and increases staff efficiency.
Documentation
Generates required RMF artifacts for compliance packages with eMASS integration. Integration of security controls, requirements, and posture aids in plan customization to harden networks and mitigate risk. Generates official artifacts for ATO package submission, along with organizational policies and guidance.
Eye4Risk Functions
Management
Systematic Management Processes used in the assessment of governing security controls to ensure the compliance of systems and network assets through their Lifecycle.
Automation
Automates the system categorization process and the determination of information types for mapping the system to DoD-level standards, resulting in comprehensive plans used in cybersecurity hardening of assets.
Assessment
Provides the user with pre-generated assessment statements based on compliance status.
CCI
Automatically performs Common Correlation Identifiers (CCI) procedure based on Security Control Assessments.
Reporting
Automated generation of both pre-formatted standard reports on stored system cybersecurity data for analysis and artifact reporting.
Workflow
Provides interactive workflows that allow users to manage the risk associated with discovered vulnerabilities.
Monitoring
Interactive management for Continuous Monitoring of security controls.
The concept of E4R is to integrate the different interrelated processes that contribute to a System’s Cybersecurity health through holistic security management processes.
EYE FOR RISK ENTERPRISE CYBERSECURITY MANAGEMENT SYSTEM
In test cases, Eye4Risk can produce significant time savings on RMF activities. This process ensures compliance in a timely manner and maximizes IT staff allocation, minimizes resources, and protects Government networks.
Modules include: System Categorization Tool, Security Control Tailoring Tool, Organizational Cyber Security Policies, System Security Plan Generation, Baseline Security Controls Generation, System Security Controls, Organization Policy Manager, Manage System Working RMF POA&M, Hardware/Server/Software/Database Inventory.