iAssurance was developed by Booz Allen Hamilton for information security and mission assurance practitioners and managers. There are three main tools provided within iAssurance.
• NVD Access
Access is provided to the National Vulnerability Database (NVD), hosted by the National Institute of Standards and Technology (NIST). NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. iAssurance provides the ability to search NVD for Common Vulnerabilities and Exposures (CVE). Upon returning a CVE, iAssurance displays the vulnerability description, date published and modified, an impact section that includes a Common Vulnerability Scoring System (CVSS) score and the vectors used to derive the score, and a configurations section.
• 800-53 Controls
A searchable database of NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations, is provided. Users can search the catalog based on several criteria. Individual controls may be further distributed by email.
• Emergency Planning
This module allows the user to create basic continuity of operations plans (COOP) that consist of action and contact checklists. Checklist completion status is logged and can be sent via email. The iPhone version can initiate phone calls from the contact checklists. Action and contact checklists may be developed separately from the COOP module.
Booz Allen Hamilton, a leading strategy and technology consulting firm, works with clients to deliver results that endure. Every day, government agencies, corporations, institutions, and not-for-profit organizations rely on Booz Allen’s expertise and objectivity, and on the combined capabilities and dedication of our exceptional people to find solutions and seize opportunities. We combine a consultant’s unique problem-solving orientation with deep technical knowledge and strong execution to help clients achieve success in their most critical missions.