Skip navigation
All Places > Products > RSA Archer Suite > Blog
1 2 3 Previous Next

RSA Archer Suite

461 posts

Today, we’re pleased to announce availability of Archer Exchange offerings for November 2020. This release marks the successful completion of our first continuous release cycle for the Archer Exchange. And there are more great offerings to come!

 

This latest Exchange release primarily includes updates to a number of existing offerings, but also includes a few new offerings:

 

  • App-Packs– pre-built applications addressing adjacent or supporting Integrated Risk Management processes (e.g. niche, industry, geo-specific)

 

  • Tools pre-built functions enabling administrators to more easily manage their Archer implementations
    • Archer Advanced Workflow Content Assistant helps organizations change the Advanced Workflow business flow for an application and has been updated to support Archer Release 6.9.
    • Archer Data Feed Monitor enables an Archer Administrator to call a data feed when there is work to do. It has been updated to encrypt the Config file upon initial execution.
    • NTT Platform Monitoring and Operations enables organizations to monitor the health of their Archer environment and proactively identify issues that may impact system integrity or availability.  

 

  • Integrations- pre-built data exchange configurations bringing data into and pushing data out of the Archer Platform
    • LexisNexis data feeds and JavaScript file have been updated to improve performance and ingest Historical Notes content.
    • RiskLens Gen 3 has been updated with new JavaScript code to address validation errors when executing data feeds. RiskLens Gen 3 integrates with the following use cases:
      • Archer IT Risk Management
      • Archer Operational Risk Management
      • Archer Top-Down Risk Assessment
      • Archer Information Security Management System (ISMS)
    • RiskRecon Third Party Security Risk Monitoring has been updated to improve performance, provide filtering by issue severity at the API endpoint, and enhanced error handling for data feeds. RiskRecon Third Party Security Risk Monitoring integrates with the following use cases:
      • Archer Third Party Catalog
      • Archer Third Party Engagement
      • Archer Issues Management
    • SecurityScorecard integrates with the Archer Third Party Catalog use case and has been updated with new JavaScript code to improve integration performance.
    • SirionLabs Contract Lifecycle Management (CLM) is a new integration for the Archer Third Party Catalog use case and enables organizations to manage their engagements throughout the complete lifecycle of a contract.
    • Thomson Reuters Regulatory Intelligence integrates with the Archer Corporate Obligations Management use case and has been updated with new JavaScript code to address validation errors when executing data feeds.
    • Veracode integrates with the Archer Third Party Catalog use case and has been updated to accommodate the new Veracode APIs. 

 

In a year filled with unprecedented challenges and uncertainty beyond our control, I find it especially rewarding to focus on outcomes where things have fallen naturally into place.  That’s why I feel incredibly fortunate to be Archer’s new CEO as we lead our business into its next chapter.  Just a few months ago, I couldn’t have predicted the opportunity to join an iconic leader in the risk management software industry where I’ve spent my career, and be able to continue my partnership with Symphony Technologies Group - RSA’s primary portfolio sponsor.

 

I was equally excited by the opportunity to address the passionate Archer customer base (albeit virtually) today at the Archer Summit 2020.  For those unable to join this year’s event, let me recap some of the main points.

 

First and foremost, my message to customers is to reinforce our commitment to Archer’s leadership and innovation in the Integrated Risk Management arena.  As an independent company, we have a better opportunity to focus on that singular objective and drive on the collective energy and passion of our employees and this entire community towards that mission.

 

Since my arrival at Archer just a few short weeks ago, I’ve been incredibly impressed by the recent momentum around the offerings, all of which has only reinforced what I knew of Archer’s reputation. Not only have recent innovations in the product been huge drivers of value for customers, but they also act as a foundation for new areas of development and value creation. For example, the move to Archer’s Cloud has enabled a major online retailer to be implemented within 90 days.  We have the ability to be more agile and responsive to the changing needs of risk managers, and more fully committed to ensuring long-term customer success.

 

I shared our focus on four strategic pillars which will guide our efforts and investments in the future:

  • Modern Cloud Offerings: we have already seen tremendous improvements in time to value for our customers using Archer Cloud and will continue to advance our capabilities as a preferred deployment method.
  • Integrated Risk Management for the Enterprise: we believe our capabilities are unmatched and create tremendous differentiation, and we plan to compound that advantage to engage more stakeholders in the risk process and improve communication and outcomes through broad use of the Archer platform.
  • Analytics: with nearly 1,500 customers globally, we plan to share depersonalized insights across our vast customer network to help how our clients think about risk and the usage of Archer.
  • Customer Success: we have formally launched our Customer Success Program (CSP) offerings to create a formal process to ensure our client objectives are known and whether we are collectively realizing the benefits expected through our proven, developed methodology.

  

Finally, I communicated our independent brand identity for the Archer business.  Although there have been many advantages being part of Dell and RSA, that association has led some to think our capabilities are solely focused on IT risk management.  Our newly relaunched Archer brand gives us the opportunity to renew a connection to the broader elements of operational risk and reinforce the importance of integration of risk across the entire organization, not just IT.

 

These are just a few areas where you will be seeing and feeling the positive impacts of our independence, and so I look forward to building upon today’s news and the many highlights of the Archer Summit 2020 to work with all of you in writing Archer’s next chapter.

We are excited to announce that RSA Archer Exchange will have a virtual booth at RSA Archer Summit 2020 on October 6! This year's annual RSA Archer customer conference will be a virtual event and it's FREE to attend -- REGISTER NOW! You can join us at our virtual booth in your preferred time zone from the comfort of your chair to learn about some of our most popular offerings.

 

We will provide 15-minute demonstrations of RSA Archer Exchange offerings around the clock throughout RSA Archer Summit. With this year's "follow the sun" format, when we are within standard business hours for a specific region's time zone, we will highlight the most requested offerings for that geographical area. This allows you to see what matters most for your specific needs during the hours that are most convenient for you.

 

Check out the RSA Archer Exchange demo schedule below to see which offerings you want to learn more about. Please note that the times listed are subject to change.

 

Asia Pacific Schedule

Date and Local TimeDemo Topic
Oct 6, 2020 - 12:00 PM - 12:10 PM (AEST)RSA Archer Exchange Tour
Oct 6, 2020 - 12:10 PM - 12:20 PM (AEST)RSA Archer Conflict of Interest App-Pack
Oct 6, 2020 - 12:20 PM - 12:30 PM (AEST)RSA Archer Gift Registration App-Pack
Oct 6, 2020 - 12:30 PM - 12:40 PM (AEST)RSA Archer Product Security Development Assessment App-Pack
Oct 6, 2020 - 12:40 PM - 12:50 PM (AEST)RSA Archer Strategic Risk Management App-Pack
Oct 6, 2020 - 12:50 PM - 1:00 PM (AEST)Evalto Inactive User Reporting App-Pack
Oct 6, 2020 - 1:00 PM - 1:10 PM (AEST)RSA Archer Speak Up App-Pack
Oct 6, 2020 - 1:10 PM - 1:20 PM (AEST)RSA Archer Strategic Planning App-Pack
Oct 6, 2020 - 1:20 PM - 1:30 PM (AEST)RSA Archer Support Requests App-Pack

 

India Schedule

Date and Local TimeDemo Topic
Oct 6, 2020 - 12:00 PM - 12:10 PM (IST) RSA Archer Exchange Tour
Oct 6, 2020 - 12:10 PM - 12:20 PM (IST) RSA Archer Conflict of Interest App-Pack
Oct 6, 2020 - 12:20 PM - 12:30 PM (IST)RSA Archer Gift Registration App-Pack
Oct 6, 2020 - 12:30 PM - 12:40 PM (IST)RSA Archer Product Security Development Assessment App-Pack
Oct 6, 2020 - 12:40 PM - 12:50 PM (IST) RSA Archer Strategic Risk Management App-Pack
Oct 6, 2020 - 12:50 PM - 1:00 PM (IST) Archer Scripts Offerings
Oct 6, 2020 - 1:00 PM - 1:10 PM (IST)RSA Archer Speak Up App-Pack
Oct 6, 2020 - 1:10 PM - 1:20 PM (IST)RSA Archer Support Requests App-Pack
Oct 6, 2020 - 1:20 PM - 1:35 PM (IST) RSA Archer NIST-Aligned Privacy and Cybersecurity Framework App-Packs

 

Europe & Middle East Schedule

Date and Local TimeDemo Topic
Oct 6, 2020 - 12:00 PM - 12:10 PM (GMT)RSA Archer Exchange Tour
Oct 6, 2020 - 12:10 PM - 12:20 PM (GMT)RSA Archer Speak Up App-Pack
Oct 6, 2020 - 12:20 PM - 12:30 PM (GMT)Archer Scripts Offerings
Oct 6, 2020 - 12:30 PM - 12:40 PM (GMT)RSA Archer Complaints Tracking App-Pack
Oct 6, 2020 - 12:40 PM - 12:55 PM (GMT)NTT ISMS Risk & Control Assessment App-Packs
Oct 6, 2020 - 12:55 PM - 1:10 PM (GMT)Crowe Pandemic Response App-Pack
Oct 6, 2020 - 1:10 PM - 1:30 PM (GMT)HCL Regulatory Interactions Management App-Pack

 

Americas Schedule

Date and Local TimeDemo Topic
Oct 6, 2020 - 8:30 AM - 8:40 AM (EDT)RSA Archer Exchange Tour
Oct 6, 2020 - 8:40 AM - 8:55 AM (EDT)RSA Archer NIST-Aligned Privacy Framework App-Packs
Oct 6, 2020 - 8:55 AM - 9:10 AM (EDT)Crowe Pandemic Response App-Pack
Oct 6, 2020 - 9:10 AM - 9:20 AM (EDT)Evalto Inactive User Reporting App-Pack
Oct 6, 2020 - 9:20 AM - 9:30 AM (EDT)RSA Archer Project Management App-Pack
Oct 6, 2020 - 9:30 AM - 9:40 AM (EDT)RSA Archer Model Risk Management App-Pack
Oct 6, 2020 - 9:40 AM - 9:50 AM (EDT)RSA Archer Exam Management App-Pack
Oct 6, 2020 - 9:50 AM - 10:00AM (EDT)RSA Archer Contract Clause Management App-Pack
Oct 6, 2020 - 10:00 AM - 10:10 AM (EDT)RSA Archer FFIEC-Aligned Cybersecurity Framework App-Pack
Oct 6, 2020 - 10:10 AM - 10:20 AM (EDT)RSA Archer Multi-Record Publisher Tool & Utility
Oct 6, 2020 - 10:20 AM - 10:35 AM (EDT)RiskRecon Third Party Security Risk Monitoring Integration
Oct 6, 2020 - 10:35 AM - 10:40 AM (EDT)RSA Archer Advanced Workflow Content Assistant App-Pack
Oct 6, 2020 - 10:40 AM - 10:55 AM (EDT)NTT ISMS Risk & Control Assessment App-Packs
Oct 6, 2020 - 10:55 AM - 11:15 AM (EDT)HCL Regulatory Interactions Management App-Pack
Oct 6, 2020 - 11:15 AM - 11:25 AM (EDT)Archer Scripts Offerings
Oct 6, 2020 - 2:30 PM - 2:40 PM (EDT)Evalto Inactive User Reporting App-Pack
Oct 6, 2020 - 2:40 PM - 2:50 PM (EDT)RSA Archer Complaints Tracking App-Pack
Oct 6, 2020 - 2:50 PM - 3:00 PM (EDT)RSA Archer Speak Up App-Pack
Oct 6, 2020 - 3:00 PM - 3:15 PM (EDT)RSA Archer NIST-Aligned Cybersecurity Framework App-Packs
Oct 6, 2020 - 3:15 PM - 3:30 PM (EDT)Crowe Pandemic Response App-Pack

 

The RSA Archer Exchange team will be available in our virtual booth throughout RSA Archer Summit to answer any questions you may have. We look forward to having you join us to learn more about RSA Archer Exchange!

RSA has been named a Leader in the 2020 Gartner Magic Quadrant for IT Vendor Risk Management Tools. We believe this positioning speaks to the capabilities of RSA Archer in helping customers understand and manage risks that may arise from third party relationships. 

This is the fifth consecutive time* that RSA has been named a Leader in the Gartner Magic Quadrant for IT Vendor Risk Management

 

 

Register to download a complimentary copy of Gartner’s analysis of the IT Vendor Risk Management market and guidance on how to define requirements for IT Vendor Risk Management deployments.     

 

 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from RSA.

*Appeared as EMC (RSA) in Magic Quadrant for IT Vendor Risk Management, 2014, 2016. Appeared as Dell (RSA) in Magic Quadrant for IT Vendor Risk Management, 2017, Appeared as RSA in Magic Quadrant for IT Vendor Risk Management Tools, 2019. The report was not published in 2018.

Gartner, Magic Quadrant for IT Vendor Risk Management Tools, Joanne Spencer, Edward Weinstein, 24 August 2020

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Consolidated compliance and security monitoring

Managing the security and compliance of an IT infrastructure has become one of the most time-consuming and important tasks for IT security professionals. Firewalls, vulnerability scanners, intrusion detection systems, and compliance checks are powerful tools for safeguarding your critical IT assets. However, these tools are only as effective as your organization’s capacity to monitor, prioritize, and respond to crucial events. These tools often produce thousands of findings each day, leaving security teams to sort through alerts from various devices and identify which findings require action.

 

AWS solves this problem by consolidating compliance checks and security findings from Security Hub, GuardDuty, and other products into a centralized location. Findings flowing into Security Hub from GuardDuty, IAM Access Analyzer, Macie, and partner offerings are all standardized into the AWS Security Findings Format. This standardized format eliminates the need for manual data conversion and simplifies the process of transferring data into external environments. The AWS Security Hub integration with RSA Archer enables organizations to automatically import data directly into RSA Archer.

 

How it works

AWS Security Hub runs automated configuration and compliance checks based on industry standards such as CIS, AWS Foundational Security Best Practices, and PCI DSS standards. The checks provide real time compliance scores and identify devices and accounts requiring attention.

 

GuardDuty is a managed threat detection service that uses machine learning to safeguard critical AWS accounts and services from malicious activity and other security threats. GuardDuty monitors activities and logs issues within the AWS environment, provides recommended remediation actions, and assigns numeric severity values to these issues. Issues are then categorized into three severity levels based on the criticality and type of threat detected.

 

Leveraging cutting-edge technology

Prior to being routed into RSA Archer, Security Hub and Guard Duty findings flow into Simple Queue Services (SQS) Queues, which is a distributed message queuing service developed by Amazon. These queues offer a nearly unlimited number of API calls per second, and due to their distributed nature, they provide virtually unlimited throughput. Server-side encryption is available to protect the contents in SQS queues and can be configured using the AWS Key Management Service. These queues are extremely affordable and future proof the RSA Archer integration. Additional AWS Security Hub products and third-party offerings can be directly transferred from these queues into RSA Archer.

 

From AWS Security Hub to RSA Archer

The RSA Archer integration with AWS Security Hub provides users with the ability to leverage compliance checks and security findings in their RSA Archer environment. The Security Hub data feed ingests findings from Security Hub into the Configuration Check Results application. Check Results are then mapped to the technology baselines such as CIS, AWS Foundational Security Best Practices, and PCI DSS standards. GuardDuty security findings are routed into the new Potential Unauthorized Activity on-demand application.

 

Both Security Hub and GuardDuty findings can be grouped into tickets and formally remediated through the RSA Archer exception requests and remediation plans workflows. The integration also leverages RSA Archer’s new charting engine, which was introduced in version 6.7.  

 

Security Hub Dashboard

 

Interested in learning more about the AWS Security Hub Integration with RSA Archer?

Listen to a recording or check out the presentation of a Free Friday Tech Huddle that covered the AWS Security Hub integration with RSA Archer. Free Friday Tech Huddles are only available to RSA Archer customers. if you are not yet a customer but are interested in learning more, please contact your local representative or authorized reseller - or visit us at www.rsa.com.

We’ve done it again! For the fifth consecutive time, Gartner has named RSA a Leader in the just-published Gartner 2020 Magic Quadrant for IT Risk Management (ITRM).

 

RSA was previously named a Leader in the Magic Quadrant for IT Risk Management in 2019, 2017, 2016 and 2015*. We believe our repeated recognition as a Leader represents our continued efforts to deliver innovative solutions that help our customer more effectively manage risk.

2020 Gartner MQ ITRM

We want to sincerely thank our customers for their participation in Gartner’s evaluation. We appreciate your support and acknowledge the key role our customers play in RSA receiving this Magic Quadrant Leader position.

 

Footnote:

*Appeared as EMC (RSA) in Magic Quadrant for IT Risk Management 2015, 2016. Appeared as RSA in Magic Quadrant for IT Risk Management 2017. Appeared as Dell Technologies (RSA) in Magic Quadrant for IT Risk Management 2019. The report was not published in 2018.

Gartner, Magic Quadrant for IT Risk Management, Khushbu Pratap, Brent Predovich, Claude Mandy, 11 August 2020

Today, we’re pleased to announce availability of RSA Archer Release 6.9, delivering new features and enhancements to streamline access to key data and provide a cohesive, actionable view of risk and compliance at all levels of your organization. This release introduces new and updated RSA Archer Platform features designed to provide a more intuitive user experience, efficient search and reporting, and easier administration.

 

In addition to Platform updates, Release 6.9 includes updates to several RSA Archer use cases. Enhancements to the RSA Archer Controls Assurance Program Management and RSA Archer IT Controls Assurance use cases help you quickly set up evidence collection and ensure that evidence of the control is captured on an ongoing basis, all in one location. Bringing RSA Archer closer to delivering near real-time evidence collection, these updates allow you to easily designate which controls you want evidence collected for and whether you want automated or manual collection. Dashboards have been added to enable the evidence collection process to be more readily monitored and to help provide users with a better understanding of overdue evidence requests, evidences currently due, and those pending approval.

 

Release 6.9 also includes updates to the RSA Archer Cyber Risk Quantification use case, leveraging the RiskLens Generation 3 platform to provide an improved data model for analyzing risks and a more streamlined data interchange between RSA Archer and RiskLens environments. And on the heels of last month’s announcement of our new Vendor Portal functionality, Release 6.9 updates to the RSA Archer Third Party Risk Management use case include added fields to connect the Engagement Risk Assessments questionnaire with Vendor Portal.

 

We invite you to attend the Free Friday Tech Huddles this Friday, Aug. 28 and Friday, Sept. 11 for demonstrations of RSA Archer Release 6.9 features. (Available only to RSA Archer customers. Pre-registration is required.) For more information about this release, please visit the RSA Archer Release 6.9 subspace on RSA Link.

When an organization provides products and services to their clients, they may become inundated with requests for information. Most of these requests come in the form of Requests for Information (RFIs) or Requests for Proposals (RFPs) from external organizations. In some cases, organization are provided with a list of requirements or questions to which they must respond. These answers are typically pulled from different areas within the responding organization and are typically managed through email inboxes, making it difficult to track the responses and ownership.

 

The RSA Archer Request & Response Tracker provides a more efficient way to manage requests and provide responses in a timely manner. It can help you document requests, import requirements, and assign ownership to gather the necessary responses. Frequently used responses can be added to a library with approval tracking for use in the future. This allows you to minimize the response cycle time.

 

With the RSA Archer Request & Response Tracker app-pack, you can:

  • Document and track requests for information, proposals, etc.
  • Import requests and assign ownership for response
  • Document and manage responses and supporting evidence 
  • Create and maintain a library of approved responses
  • Export responses using mail merge template

 

The RSA Archer Request & Response Tracker app-pack includes several useful benefits, including:

  • Consistent and repeatable automated process for managing and tracking requests for information
  • Ensure accountability and timeliness for responses through workflow automation
  • Minimize information silos within the organization

 

Interested in learning more about the RSA Archer Request & Response Tracker app-pack?

Register and join us for a Free Friday Tech Huddle at 11:00 am Eastern Time on Friday, August 21 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

RSA Archer Request & Response Tracker

Request Manager

 

 

RSA Archer Request & Response Tracker

Response Owner 

As more services gather more data about individuals in the course of doing business, concern grows about the problems that could arise in processing that data if it is not protected properly. Improper protection impacts the organization because the organization is responsible for securely collecting and storing the data. While good cybersecurity practices help manage privacy risks by protecting people’s information, privacy risks can also arise from how you collect, store, use, and share this information to meet your mission or business objectives, as well as how individuals interact with your products and services.

 

NIST (National Institute of Standards and Technology) believes that organizations would be better able to address the full scope of privacy risk with tools that support better implementation of privacy protections. NIST has created the NIST Privacy Framework to help your organization identify your current privacy posture and your desired outcome. Using this framework, you can identify the gaps and develop action plans.

 

The RSA Archer NIST-Aligned Privacy Framework release 6.8 app-pack, which includes the NIST Cybersecurity Framework and utilizes the same methodology, allows you to assess both privacy and cybersecurity practices within your organization.

 

With the RSA Archer NIST-Aligned Privacy Framework app-pack, you can:

  • Create a Current Profile that indicates which privacy implementation tier is being achieved
  • Identify a Target Profile that describes the organization's desired privacy implementation tier
  • Conduct a Privacy Risk Assessment against Core activities in the NIST Privacy Framework
  • Analyze the Current Profile against the Target Profile to determine gaps
  • Implement an Action Plan to address privacy gaps
  • Conduct an assessment against the NIST Cybersecurity Framework

 

Benefits of the RSA Archer NIST-Aligned Privacy Framework app-pack include:

  • An enhanced privacy foundation built by bringing privacy risk into parity with broader enterprise risk portfolio
  • Improved protection of individual privacy and resiliency of critical infrastructure
  • Reinforcement of privacy risk management through a common language and consistent process for communicating requirements and progress
  • Ability to maintain compliance with regulatory requirements

 

Interested in learning more about the RSA Archer NIST-Aligned Privacy Framework app-pack?

Register and join us for a Free Friday Tech Huddle at 11:00 am Eastern Time on Friday, August 21 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

IoT Security Assessor Dashboard

RSA Archer NIST-Aligned Privacy Framework

Profile Owner Dashboard

 

RSA Archer NIST-Aligned Privacy Framework

Profile Scorecard

We're excited to share some updates. First, we have a new name - the RSA Archer Exchange - that emphasizes that our offerings, integrations and content are part of RSA Archer Suite. Second, we are simplifying the release naming convention and moving from "Release R#" to "Release Month Year," making "Release August 2020" the name for the latest Exchange release. Finally, following this release, we will begin working on a continuous release cycle. This means that we will be making RSA Archer Exchange offerings available as soon as the release activities for a particular offering have been completed.

 

With today's launch of RSA Archer Exchange Release August 2020, we're delivering new and updated offerings to help you manage security and risk. In today's environment, cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems and NIST has developed a risk-based Cybersecurity Framework to combat these cyber risks. NIST has also introduced a Privacy Framework. We've created the new RSA Archer NIST-Aligned Privacy Framework app-pack to allow customers to streamline the workflow and assess privacy and cybersecurity to identify gaps.

 

Release August 2020 includes new integrations that enable customers to prioritize documents and manage third party information in RSA Archer. In addition, we've released the RSA Archer Multi-Record Publisher tool to help customers look for records that have been marked ready for publication, and then publish and merge multiple records at the same time.

 

This release is packed with many new partner offerings and updates to existing offerings. Here is a full list of the new and updated offerings available in Release August 2020:

 

 

  • Tools - pre-built functions enabling administrators to more easily manage their RSA Archer implementations

 

  • Integrations - pre-built data exchange configurations bringing data into and pushing data out of the RSA Archer Platform
    • Compliance.ai helps organizations prioritize documents through customized alerts and filters and integrates with the following use cases:
      • RSA Archer Issues Management
      • RSA Archer Policy Program Management
      • RSA Archer Corporate Obligations Management
    • Panorays integrates with the RSA Archer Third Party Catalog use case to synchronize cybersecurity risk, questionnaire status, and third party information and ratings between Panorays and RSA Archer.
    • RiskLens Gen 3 has been updated to leverage the new features introduced as part of the RiskLens Gen 3 platform and integrates with the following use cases:
      • RSA Archer IT Risk Management
      • RSA Archer Operational Risk Management
      • RSA Archer Top-Down Risk Assessment
      • RSA Archer Information Security Management System 
    • Tenable.sc integration with RSA Archer IT Security Vulnerabilities Program has been updated to leverage the Application Managed Output Writer for JavaScript Transporter.

 

 

For an overview of the RSA Archer Exchange Release August 2020 offerings, please join us at 11:00 am Eastern Time on Friday, August 21 for a Free Friday Tech Huddle (pre-registration required; available to customers only).

 

There is a wealth of documentation, downloads, and more on the RSA Archer Exchange on RSA Link. I recommend that you bookmark the listing of all RSA Archer Exchange offerings. And if you have new ideas for the RSA Archer Exchange, please submit them on RSA Ideas!

Each year, you impress us with the innovative, holistic and inspiring ways you successfully manage, promote and drive engagement for your risk management programs.

 

This year, we are again excited to hear your stories and to celebrate the most innovative among us. It’s my pleasure to announce that nominations for RSA Archer Summit 2020 Awards are now open, and will be until Friday, September 4, 2020.

 

Many of you deploy and utilize RSA Archer in remarkable ways to help your company or customers thrive in a world of new risk challenges.

 

We invite you to nominate your company for an RSA Archer Summit 2020 Award in one of the following categories:

  • Innovation Award: Recognizing an organization for using RSA Archer in innovative ways to build applications and integrations that support process automation, collaboration and other digital initiatives.
  • Return on Investment Award: Highlighting an organization whose investment in digital transformation and digital risk management can be measured not only in cost savings but also in efficiencies, headcount and other metrics.
  • Community Advocate Award: Acknowledging the efforts of an individual who evangelizes digital risk management, promotes RSA Link Community best practices, builds positive community relationships, and offers guidance and expertise.
  • Excellence Award: Singling out organizations that are setting the bar for implementing best-in-class integrated risk management programs.

 

The award winners will be announced at the RSA Archer Summit 2020 virtual event on October 6, 2020. Winners will receive the following:

  • A crystal trophy awarded virtually by an RSA executive, along with special VIP recognition
  • A published video case study on RSA.com and interviewed for a future RSA blog post
  • Invitations to speak at our webinar panels as well as press opportunities, as they arise

 

Thank you  RSA Archer customers and partners for participating in this annual event.  Remember: mark your calendars, your nominations are due by September 4, 2020.  And, if you haven’t done so as yet, be sure to register for the RSA Archer Summit 2020 – A Virtual Experience registration is free. Check out the Agenda at a Glance too; RSA Archer Summit 2020 information is updated often!

 

We can’t wait to review your applications- and to ‘virtually see’ you on October 6!

RSA knows risk management is a team sport, which is why we’ve made it our mission to “Inspire Everyone to Own Risk.” And these days, “everyone” includes the vendors that provide services and goods that help to support and fuel your business. To effectively to manage your third-party risk, it’s essential to foster engagement with your vendors and gain insight into their activities.

 

Launched today, the new Vendor Portal for RSA Archer Third Party Risk Management makes it easier to facilitate collaboration between business stakeholders, risk managers, and external vendors. As a feature enhancement for the Third Party Risk Management use case, Vendor Portal provides an intuitive interface for vendors to easily and securely complete assessments, upload documentation, respond to issues, and attest to performance, while minimizing the management burden for RSA Archer administrators. 

 

RSA Archer users can publish content to Vendor Portal with the click of a button. Automatic provisioning makes it easy for vendors to access the system and invite their peers to collaborate. When their work is complete, assessment or application responses are natively synchronized back into RSA Archer for review.

 

Vendor Portal is a SaaS-based feature that is compatible with RSA Archer on-premises, hosted, and SaaS implementations that are licensed for the RSA Archer Third Party Risk Management use case. Vendor Portal can be utilized for up to 50 vendors at no charge, and larger vendor quantities can also be supported at an additional charge.

 

Key features of Vendor Portal include:

  • An external interface and dashboard for secure collaboration with vendors
  • Native synchronization with RSA Archer to externally publish applications and questionnaires and retrieve responses
  • Self-service provisioning for vendor users

 

Customer benefits of Vendor Portal include:

  • More efficient engagement with vendors
  • Intuitive experience for vendors with nominal training
  • Reduced management burden for RSA Archer administrators

 

 

If you’d like a closer look at Vendor Portal, you can find more information on RSA Link. Customers are invited to join us for the upcoming Free Friday Tech Huddles (pre-registration is required):

  • July 24, 2020 at 11:00am Eastern -- Introducing Vendor Portal for RSA Archer Third Party Risk Management
  • July 31, 2020 at 11:00am Eastern -- Installing and Configuring Vendor Portal Service and Publish Custom Object

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers.

 

RSA Archer PCI Management enables organizations to streamline the compliance process, simplify stakeholder participation, and reduce overall compliance effort and cost. It allows organizations to jumpstart a PCI compliance program by conducting continuous assessments and providing visibility to manage and mitigate risk.

 

The PCI Standard Security Council (PCI SSC) released a new content set in the latest PCI DSS version 3.2.1. RSA Archer Release 6.8 includes updates to the RSA Archer PCI Management use case to leverage new content and self-assessment questionnaires (SAQs) available with PCI DSS version 3.2.1.

 

RSA Archer PCI Management guides merchants through the completion of relevant self-assessment questionnaires (SAQs). It also provides packaging and export of compliance program results and attestation articles in a properly formatted PCI Report on Compliance (RoC) for easy submission and review.

 

 

Customers can show compliance to the latest version of PCI DSS 3.2.1 by:          

  • Using the new content for PCI DSS 3.2.1 available in the Authoritative Sources, Control standards, Master Controls, Question library applications.
  • Completing the required, new PCI 3.2.1 Self-Assessment Questionnaire (SAQ). 
  • Performing a full Report on Compliance (RoC) assessment which has been updated to reflect version 3.2.1.
  • Using an update to the PCI Internal Stakeholder dashboard, which includes a new landing page iView and incorporates some of the new charting capabilities that were added in RSA Archer Release 6.7.
  • Leveraging documentation updates.

Financial controls compliance programs are an essential part of any publicly traded company.  The Sarbanes-Oxley Act ("SOX") of 2002 set requirements for all US public companies in order to curb fraud in corporate financial reporting.  This law provides requirements to help ensure that financial information is certified and accurately reported, reducing opportunities for corporate fraud and setting severe penalties for companies that do not meet the requirements.  Many countries around the world have also adopted similar measures that mirror or closely follow SOX requirements.  

 

In RSA Archer 6.8 Release, we introduced the RSA Archer Financial Controls Monitoring use case to help customers manage their financial compliance programs in RSA Archer.  While some of the controls, processes and testing approaches that are part of financial compliance are shared with other programs, there are specific elements that are necessary to meet the guidelines of financial compliance regulations. The Financial Controls Monitoring use case is a refresh of the former RSA Archer Controls Monitoring Program Management use case.   The updates allow companies to perform the program-specific actions for a Financial Compliance program in tandem with other compliance initiatives.  This supports the common set of controls and "test-once/apply-many" approach across multiple compliance programs built on the Controls Assurance Program Management architecture implemented within RSA Archer. 

 

In addition to these architectural changes the RSA Archer Financial Controls Monitoring use case includes new applications/questionnaires and leverages features and functionality of the RSA Archer Platform that were not previously available in the former Controls Monitoring Program Management.  Capabilities of Financial Controls Monitoring have been expanded to allow for a full lifecycle of documenting, testing and updating Process Narratives, tracking the Provided/Prepared By Client ("PBC") requests and improved scoping to manage sending/communicating information with a company's External Auditors.

 

 

RSA Archer Financial Controls Monitoring provides:

  • Management of end-to-end financial compliance program for regulations such as Sarbanes-Oxley (SOX)
  • Management of data requested and provided to external auditors
  • Tracking for changes and approvals of any modifications to key processes, controls and evidence utilized as part of a financial compliance program
  • Streamlining financial compliance obligations alongside other compliance programs

 

Interested in learning more about RSA Archer Financial Controls Monitoring? Join us for a Free Friday Tech Huddle on Friday, June 5, 2020 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller - or visit us at www.rsa.com.

With the increased use of IoT devices and constraints of security resources, organizations face issues with prioritization of risk and vulnerabilities. They need to focus on the appropriate security considerations to minimize risks and threats and ensure that the right security controls are in place. When organizations do not properly identify security gaps, they risk investing in unnecessary security measures.

 

Today's complex and changing security landscape makes deciding where to focus security resources a challenge for many organizations. To provide a framework to assess IoT security practices and implementation, the Security Maturity Model (SMM) was developed by the Industrial Internet Consortium (IIC). This framework helps organizations understand where they are as far as security is concerned and identify the gaps from where they would like to be.

Introduced to help you use the SMM framework, the RSA Archer IIC-Aligned IoT Security Maturity Assessment app-pack allows you to complete a security maturity assessment to determine your organization's current security posture and document your desired security outcome. This app-pack allows you to identify security gaps and develop action plans to reach your desired security posture while focusing on standards, guidelines, and practices that work best for your organization or implementation.

 

With the RSA Archer IIC-Aligned IoT Security Maturity Assessment app-pack, you can:

  • Create an IoT Security Risk Profile to capture security maturity assessment and results
  • Identify the scope of the maturity assessment
  • Determine current and target security maturity levels
  • Develop remediation plans to address gaps in security posture and maturity

 

The RSA Archer IIC-Aligned IoT Security Maturity Assessment app-pack includes several useful benefits, including:

  • Understanding the security posture for IoT implementations
  • Minimizing impacts to your organization through proper mitigation of security risks
  • Prioritizing security resources for IoT implementations
  • Compliance with standards and regulations through implementing appropriate security measures

 

Interested in learning more about the RSA Archer IIC-Aligned IoT Security Maturity Assessment app-pack?

Register and join us for a Free Friday Tech Huddle on Friday, May 29 for a live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.

 

IoT Security Assessor Dashboard

RSA Archer IIC-Aligned IoT Security Maturity Assessment

IoT Security Assessor Dashboard

Filter Blog

By date: By tag: