Integrigy provides automated vulnerability assessment and auditing solutions to support both FISMA and DOD Directive 8500.1.  AppSentry automates much of the compliance effort with predefined policies, audits, and reports.  Our reports are specific to the selected checklist or configuration guide being used and mirror the actual required output as much as possible.  Using AppSentry can save days or weeks in the compliance effort.

FISMA

FISMA (section 3544(b)(2)(D)(iii)) requires each Federal Government agency to develop minimally acceptable system configuration requirements and ensure compliance with the configuration requirements. Systems with secure configurations have fewer vulnerabilities and are better able to thwart network attacks.  OMB requires agencies to cite in their annual FISMA report the percentage of Oracle systems that have been implemented using a recommended security configuration policy.  OMB expects agencies to use the published configurations or be prepared to justify why they are not doing so. Agency Inspectors General should review such use of the configuration policies to independently determine the adherence to such policies.

AppSentry automates much of the effort of complying with, and monitoring compliance with, NIST-recommended security checklists for the Oracle Database, Oracle Application Server, and Oracle E-Business Suite.  Using AppSentry can eliminate days and weeks of compliance effort and automate much of the reporting associated with FISMA compliance for Oracle products.  Inspectors General and external auditors can use AppSentry to quickly identify databases and applications not compliant with agency-selected configuration checklists.

AppSentry's policies, audits, and reports either automate or are compatible with the following security configuration checklists:

  • DOD DISA Database Security Technical Implementation Guide (STIG)
    • Oracle Database 10g, 11g (8.1.11)
    • Microsoft SQL Server 2000 (8.1.7)
    • Microsoft SQL Server 2005 (8.1.8)
    • Microsoft SQL Server 2012 (1.2)
  • DOD DISA ERP STIG 1.1
    • Oracle E-Business Suite 11i, R12 (technical controls only)
  • DOD DISA Web Server STIG 1.1
    • Oracle Application Server 9iAS, 10g, 11g (only Apache related)
  • NSA Guide to Secure Configuration and Administration of Oracle9i Database Server 1.2
  • NSA Oracle Application Server Security Recommendations
  • Oracle Corporation Oracle Database Security Checklist
  • Oracle Corporation Oracle Application Server Security Checklist
  • Oracle Corporation Secure Configuration Guide for the Oracle E-Business Suite 11i and R12

DOD Directive 8500.1

All DOD information systems must be configured in accordance with DOD-approved security configuration guidelines.  The DISA Security Technical Implementation Guides (STIG) and associated checklists provide these configuration guidelines to meet or exceed security requirements of DOD systems operating at the Mission Assurance Category (MAC) II Sensitive level (contains unclassified but sensitive information).

AppSentry automates the STIG compliance and validation process through predefined policies, audits, and reports.  All information that would otherwise be gathered through scripts or manually is collected automatically by AppSentry and stored in the AppSentry repository for off-line analysis and reporting.  Only interview-related items are not automated, but often supporting data is retrieved by AppSentry to assist the auditor in the interview process.  AppSentry supports the following DISA STIGs and checklists:

DOD DISA Database Security Technical Implementation Guide (STIG)

  • Oracle Database 10g, 11g
  • Microsoft SQL Server 2000, 2005, 2012

DOD DISA ERP STIG

  • Oracle E-Business Suite 11i and R12 (technical controls only)

DOD DISA Web Server Security Checklist

  • Oracle Application Server 9iAS, 10g, 11g (only Apache related)

Authorized Federal Government Reseller

Integrigy's products are available directly from our authorized Federal Government reseller Norseman Technologies and can be ordered from Norseman's GSA Schedule.

Norseman Defense Technologies

GSA Schedule # GS35F4347D
Norseman Contact Info
Contact: Erich Huwar
Phone: 410-579-8600