Active Accreditation - Target specific risk-based Vulnerability Assessments

Q - How do I get my data into the system?

By clicking the upload button at the top of the screen it will lower the dropzone which will allow you to submit Nessus or ACAS files.

Q – What is CIA level and why do I need it?

CIA triad represents the functions of information systems. It’s a commonly used model in cybersecurity. The origin of this model is not clear, but some sources suggest that it emerged over time as an article of wisdom among information security professionals. The concept of confidentiality was formalized in a 1976 U.S. Air Force study, the concept of integrity was laid out in a 1987 paper, and the concept of availability gained prominence after the 1988 Morris worm attack

The model is useful for defining a comprehensive security posture since it adds another dimension to the data of system classification. For more information check out Administration

Q – How do I account for escalations related to reasons unhandled by the default system functions such as an inspection?

Manual reviews can be used to apply manual escalations. Just create an event and use your review categories to apply whatever escalation you need it to be.

Q – Why does Active Accreditation require credentialed scans?

While we understand the importance of uncredentialed scans in identifying vulnerabilities, the current focus of the product is to take a ground level view from inside the network on what your vulnerabilities are. Uncredentialed scans will not be able to find all of the vulnerabilities so we do not currently use them. In a future release we intend to incorporate both.

Help Center: FAQ