Take Control of Your Controls
Managing risk today isn’t easy. Many times, your success in reducing risk is dependent on the effectiveness of the controls within business operations. The design and implementation of control activities are key for your organization to reduce the possibility of negative events such as compliance violations, business disruptions, data breaches and a host of other scenarios.
I am happy to announce general availability of RSA Archer Release 6.4 SP1. This release includes updates to several key use cases that are critical in managing control documentation, testing and reporting. In other words, this latest RSA Archer platform and use case release focuses on helping customers ‘take control of your controls.’. Following on the heels of RSA Archer Release 6.4 in April , RSA Archer 6.4 SP1 leverages features introduced in RSA Archer Release 6.4 within several use cases and includes additional updates to the RSA Archer Platform.
Use Case Updates
- RSA Archer IT Security Vulnerabilities Program – One of the most prevalent security controls is the identification and remediation of vulnerabilities on IT systems. These vulnerabilities are the foothold today’s security threats need to compromise systems, ultimately leading to data breaches. The process that identifies those vulnerabilities and ensures proper patches are implemented is critical in reducing the ‘attack surface’ of an organization.
The RSA Archer IT Security Vulnerabilities Program use case is designed to offer security teams an integrated approach to identifying and prioritizing high-risk cyber threats, proactively managing IT security risks by understanding the criticality of various assets to business operations, and combining those insights with actionable threat intelligence, vulnerability assessment results and comprehensive workflows.
Updates to this use case in this release improve performance of data feeds, introduce new workflows, update the integration to the National Vulnerability Database (NVD) and add a new Vulnerability Tickets application to track remediation actions needed to address vulnerabilities identified by scanners.
- RSA Archer IT Controls Assurance / RSA Archer Controls Assurance Program Management – Forming the foundation of RSA Archer’s compliance approach, these use cases are engineered for risk and compliance teams to assess and report on the performance of controls across all assets and automate control assessments and monitoring.
Updates to these use cases within this release streamline the compliance testing and controls management processes with improved planning for Compliance testing and support for multi-phase tests throughout the year. One of the most exciting additions is the End-to-End Compliance Project Management, allowing compliance teams to scope controls and plan and generate appropriate Control tests as needed. Additionally, a new Control Procedure Hierarchy provides a method to create a master list of Controls with automated creation of Control Instances via the Control Generator for different business entities and infrastructure. A new Evidence Repository application is now also included providing a single repository for evidence gathered in the Compliance testing process.
This latest RSA Archer release also includes new and updated Platform features. One of the key new features is the addition of an Electronic Signature using RSA Archer authentication or emailed PIN authorization. This feature strengthens customers’ ability to log and track user actions and support non-repudiation of attestations.
In addition, other Platform updates in this release include:
- Data feed performance and scalability improvements when using the Batch Content Save Token
- Additional filtering capabilities for Calculated Cross-Reference and Report Object hierarchical values lists
- Dynamic Field Population via Mapping for Bulk Action to populate fields with content assigned from a related field
- Performance improvements for hierarchical values lists
For more information, see the RSA Archer Release 6.4 SP1 Product Advisory.